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Gettin’ the Goods 


BrainShare always puts me on a high. We get 
to interact with thousands of our readers and 
we get great feedback. 

Many of you at BrainShare mentioned you 
want Novell Connection every month instead 
of just quarterly. Yes, Novell Connection is 
printed quarterly, but many didn't know we 
produce 12 issues each year. The other eight 
issues are distributed electronically. We want 
all our subscribers to take advantage of the 
great magazine content—every month. 

So make sure you're subscribed to both our 
print and electronic editions. If you're a current 
print subscriber, you can update your information 
to include both subscriptions at novell.com/get- 
both. If you're based outside of North America, 
you can get all 12 electronic issues free of 
charge at novell.com/subscribe. You'll get an e- 
mail issue each month delivered to your Inbox. 

If you have comments you want us to print, 
e-mail them to editor@novell.com with the 
subject line of Letter to the Editor. And be 
sure to add that same e-mail address to your 
white list so you don't miss a single issue of 
Novell Connection. 


Eric Schetselaar, Editor-in-Chief 
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Contributing Editors 
Diethmar Rimser, Erno de Korte, John Riley, 
Ken Baker, Laura Chappell, Liz Tanner 


Advertising Inquiries: ncmagads@novell.com 


Letters to the Editor 


> Thanks for the OpenOffice.org article series in 
Novell Connection. Using these as exercises 
complement the manual and help many of us 
really make use of OpenOffice as we want to. But 
in / Tawt I Taw A Puday Tat (Q4 2006), which | fol- 
lowed as an exercise using OOo 2.1 Novell 
Edition on openSUSE 10.2, the section Characters 
and Pictures below Figs 1 and 1b makes use of 
the fonts “Bookman Old Style” and “Monotype 
Corsiva”. | couldn't find any of these fonts in O00 
2.1, neither on openSUSE nor on Windows. And 
OOo 2.1 on openSUSE doesn't have a menu 
entry “File>Wizard>Install fonts from Web” either. 
Where did these fonts come from? 
With regards, 
Terje J. Hanssen 


Editor’s note: As stated in the series, the 
author had been using MSWord for more than 12 
years before switching to OpenOffice.org. The 
fonts used in the author's newsletter are propri- 
etary Microsoft fonts that were installed when she 
installed MSOffice years ago and were still avail- 
able on her system. The fonts she chose to use 
for her newsletter are not included in any version 


VELL, INC. FOUR TIMES 


r Sarah Schweich 


Nancy Hicks, Nathan Conger, Ron Tanner, 
Steve Whitehouse, Tom Manos, Tonia Conger 


Novell, VP of Corporate Communications Phil Julianno 


of OpenOffice.org. Generally, the fonts included 
with an application are usually proprietary and 
thus are paid-for fonts that come as an OEM 
package of the application. Most downloadable 
fonts are fee-based. The 2.1 Novell edition of 
OpenOffice.org has disabled the “Install fonts 
from the web” option on the File | Wizard menu. 


> Thank you. This [First Quarter 2007] is prob- 
ably the best issue of Novell Connection 
magazine | have seen. Previous issues have 
been a little dry and left you wanting more. This 
has more and then some. 

Keep up the great work. 


—Russell Halsey, Manager, Network and IS 


p.s. How can | get a copy of the Gorilla picture 
in this month's issue pg 25? 


Editor’s note: We often get requests for the 
artwork we use in the magazine. Not all of the 
images we use are Novell property. We obtain 
worldwide rights to use them for the issue and 
are not available for other personal use. 


iS AGREEMENT NO 
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We recently vl 
up a tremendously 
successful BrainShare 
conference in Salt Lake 
City. There was real 
excitement throughout 
the entire show among 
attendees. Their enthusi- 
asm built during the 
week as they saw first- 
hand many examples 

of the progress we’re 
making in executing 

our corporate strategy. 
BrainShare 2007 clearly 
demonstrated to our 
customers, partners, 
employees and others 
how our strength and 
focus is driving momen- 
tum in our markets and 
delivering real value for 
our customers. 
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Strength, Focus and Momentum 


‘To give context to the announcements about new products and business initiatives, we kicked off 
the week by once again stating —and reaffirming our commitment to—our corporate strategy. We 
reminded the audience that Novell's emphasis is two-fold. First, we are driving enterprise-wide 
adoption of Linux from desktop to data center. Second, we are giving you the security and systems 
management tools you need to operate and integrate mixed-source environments more effectively, 

The opening general session highlighted some exciting announcements and great videos. 
Then we gave 350- sessions and had several activities. For those of you who couldn’t attend, 
here are some highlights. (Check out our spoofs of the Mac/PC ads and other BrainShare 
videos on novell com/video.) 

On the Linux front, we announced the public beta of Service Pack 1 for SUSE Linux 
Enterprise 10 and also the new SUSE Linux Enterprise Thin Client. Service Pack 1 adds terrific 
new capabilities to SUSE Linux Enterprise in virtualization, high-performance computing, secu- 
rity, interoperability and system management. SUSE Linux Enterprise Thin Client matches up 
to SUSE Linux Enterprise Desktop with an image-creation tool kit that channel partners can use 
to provide finished thin-client solutions to customers. 

We also announced the open beta of Novell Open Enterprise Server 2, which provides Novell 
workgroup services on SUSE Linux Enterprise. It helps you long-time customers maintain your 
investment in Novell technologies through virtualization of NetWare on Linux. In addition, we 
unveiled Novell Teaming and Novell Teaming + Conferencing, These new real-time collaboration 
solutions complement GroupWise and the Open Workgroup Suite and make it easier for people 
to create, share and manage information. 

We announced several major developments to help secure and manage your mixed environ- 
ments: 1. the new Identity Manager 3.5, adding tighter integration with authentication, single 
sign-on and event management solutions. We also delivered Sentinel 6.0 letting you monitor your 
network in real time, identify and remediate security incidents, and document regulatory compli- 
ance. For systems management, our new Novell ZENworks 7.2 Linux Management gives you 
powerful options for managing enterprise Linux with unique support for both SUSE Linux 
Enterprise 10 and Red Hat Enterprise Linux. It also includes policy-based full lifecycle manage 
ment to help you deploy, manage and maintain your Linux resources. 

| also want to thank the Microsoft team and Craig Mundie, Microsoft’s chief researcher and 
strategy officer, for participating in and supporting the event. We are firmly committed to work 
ing together with Microsoft to meet your needs for more platform interoperability and choice. 
So looking back at another great BrainShare, the key take-away is that all of our new products, 
services and business initiatives align with our overall corporate strategy. Our announcements and 
new products are proof positive that we are making great strides toward reaching our goals, and 
more important, serving your agenda. We're helping you leverage the power of Linux and open 
source software throughout your enterprises. We're also providing you with tools that enable bet- 
ter and more secure management of your mixed-source environments. 

With strength and focus, we are gaining momentum by helping you reduce cost, complexity 
and risk in your I'T environments. This obviously makes you happy because it lets you spend more 
time focusing on what really matters to you— innovation and growth of your core businesses. 

If you have thoughts or observations about BrainShare or any of the articles in this issue, we'd love 
to hear them. Please e-mail them to editor@novell.com. 


Ron Hovsepian 
PRESIDENT & CEO, NOVELL INC. 
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Here’s Your Sign! 


Taking your Enterprise in the Right Directions 


by Fobn Riley 


as Linux truly arrived? Is it a major factor in enterprise 

IT today? The answer is simply and unequivocally 

“yes.” Consider the following data points. 
From its modest beginnings in 1991 when Linus Torvalds released the 
first version of the kernel, Linux has become the world’s fastest grow- 
ing operating system. According to Gartner Dataquest, Linux 
shipments will increase from 1.4 million units in 2005 to 2.4 million in 
2010, a compound annual growth rate of 11.7 percent. In addition, 
Linux-based mission-critical IT data center deployments will drive 
more than US$2.2 billion of the US$1r billion in total server shipment 
revenue by 2009. (Gartner Data Center Conference 2006 presenta- 
tion: Enterprise Linux: Has It Truly Arrived) 

Among forward-thinking IT executives, the debate about the via- 
bility and effectiveness of Linux is over. They've already deployed 
Linux successfully in their corporate data centers to run critical work 
loads. It has proven to be a reliable, stable and secure operating system 
that’s easy to deploy, customize and manage. Bolstered by that suc 
cess, many IT executives are now considering where to go next with 
Linux. They know that Linux can deliver big price/performance 
increases and significant competitive advantages, and they want to 
generate those results in more areas of their IT operations. 

But where and how should they expand the Linux footprint within 
their enterprises? What should IT leaders be thinking about as they 
consider potential new deployments? The next chapters of the Linux 
story are only now being written, and there are sure to be some sur- 
prising twists and turns ahead. But for the foreseeable future, Linux 
use will clearly continue to grow, and part of that growth will come 
from deployments in new areas of enterprise IT. 

Given where Linux is today and its building market momentum, it’s 
a good time for IT leaders to pause and think about where to take 
Linux next and how to ensure success. To that end, we offer the fol- 
lowing suggestions for some things IT leaders should be thinking 
about as they prepare to deploy Linux more broadly throughout their 
organizations. 


> Partner With a Leader 

Betting even a small part of your organization's success on a small or 

struggling vendor is always a risky proposition. A wiser choice is to go 

with a vendor that has experience and a proven track record of success. 
Novell is a clear leader in the Linux market. Our SUSE Linux 

Enterprise platform is the only Linux distribution available today that 

offers true enterprise-class functionality from desktop-to-data cen- 

ter. That platform includes: 

* SUSE Linux Enterprise Server—a reliable, secure, scalable and high 
performance server designed to handle a variety of compute-intensive 
tasks, including mission-critical workloads in the data center. 

* SUSE Linux Enterprise Desktop—the market's only enterprise- 
quality Linux desktop. With award-winning usability and bundled 
with key productivity applications, it is ready now for routine 
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business use. It is deployable as a general-purpose desktop or 
easily tailored for use in thin- or thick-client configurations. 


Several other unique characteristics set the SUSE Linux Enterprise 
platform apart from its competition. First, the platform is backed by 
the world-class Novell technical support organization. A key consid- 
eration when adopting any open source technology is support quality. 
Our experienced technical support team stands ready to offer what- 
ever support customers may need, 24x7 worldwide. 

Another key difference, made possible through our ground-breaking 
collaboration with Microsoft, is the unmatched interoperability SUSE 
Linux Enterprise offers with various Windows-based technologies. 
That, along with a set of tightly integrated management tools, simplify 
and streamline the management of heterogeneous IT environments. 

By choosing to align with a leader like Novell and its unparalleled 
SUSE Linux Enterprise platform, customers can be sure that they will 
have the advanced technology and high-quality support they'll need to 
quickly improve IT operations while reducing cost, complexity and risk. 


> Power More Servers and Workloads 

In organizations of all types and sizes, there is constant pressure to 
improve operations while controlling costs. Given the clear price/perfor- 
mance advantages offered by Linux, more and more businesses are 
considering it for high-performance tasks and for mission-critical busi- 
ness applications from vendors such as Oracle and SAP. 

SUSE Linux Enterprise Server 10 illustrates why IT experts are look- 
ing to Linux solutions to solve some of their biggest operational 
challenges. It isa massively scalable (using either several commodity serv- 
er platforms or a single, large symmetric multiprocessing server) and 
high-availability server solution. With SUSE Linux Enterprise Server ro, 
enterprises can easily, safely and securely migrate more of their complex, 
line-of business applications over to Linux and begin to reap the benefits. 


> Go Virtual with Linux 
Many enterprises are looking to virtualization technology to solve prob 
lems and generate better results and greater value for their IT 
investments. Virtualization is the decoupling of software from hardware 
so that disparate software systems and applications can reside and run 
isolated virtual servers on the same physical hardware. It enables enter- 
prises to better align their IT resources with their business goals through 
flexible and dynamic provisioning of critical workloads. Some of the spe- 
cific benefits of virtualization include: 
lower hardware costs by decreasing the number of required servers 
* lower infrastructure costs such as power, cooling and space through 
server consolidation 
* increased server utilization by allowing multiple applications to 
coexist on one server 
improved business continuity and system uptime by moving 
workloads onto virtual machines as needed and without interruption 


improved response times by leveraging excess data center 
capacity and by balancing computing loads across data center 
resources at peak times. 


SUSE Linux Enterprise ro was the first Linux distribution to ship 
with fully integrated virtualization capabilities. With Xen hypervi- 
sor technology, you can create virtualized Linux machines on 
commodity hardware, creating new levels of flexibility and agility in 
your environments at a lower total cost of ownership. 


> Linux and Windows Interoperability 

A key consideration for IT leaders intending to broaden the Linux 
footprint within their organizations is ensuring interoperability 
with their other strategic IT platform, namely Microsoft Windows. 
IT managers must avoid creating an environment that encompasses 
both platforms but lacks interoperability between the two. By 
choosing a Linux solution that offers outstanding interoperability 
with Windows-based technologies, IT managers will avoid increas 
ing their management challenges. 

Novell is uniquely positioned to deliver more thorough Linux- 
Windows interoperability than any other Linux provider today. As part 
of our partnership with Microsoft, we will be intr« »ducing new technol- 
ogy over the coming year that improves interoperability in four areas: 

: bidirectional virtualization 

standards-based systems management 
: directory and identity federation 
* document format compatibility. 


This technical collaboration will help you reduce costs in your data 
centers, gain new levels of flexibility and streamline operations. 


> Management of Heterogeneous 

Virtual and Physical Assets 

With the ability to create more types of virtualized servers added to 
the plethora of physical server platforms now deployed in data cen 
ters, you, as IT managers, might be faced with more complicated 
management issues for your server environments. Your goal should be 
to find ways to simplify and automate physical and virtual machine 
management. Without automated management amid this complexity, 
your IT operations could quickly run amok. 

With more than 20 years of experience in developing enterprise 
infrastructure software, Novell knows how to help you eliminate IT 
chaos. We have worked closely with various standards bodies and the 
open source community, and have focused significant development 
efforts on ways to modularize, standardize, commoditize and virtual 


8 seconp QUARTER/2007 


ize the IT environment. The result is a sophisticated set of systems 
management solutions that let you automate the administration and 
management of virtual and physical machines, operating systems, 
devices, applications and other IT resources. 

Our automated data center solutions enable you to confidently 
employ virtualization technologies in your IT operations. Unlike most 
data center management offerings, the Novell solutions manage both 
the physical and the virtual components. As a result, Novell allows you 
to plan and manage your IT resources as a strategic whole, instead of 
isolated components. Full life cycle management of both the physical 
and virtual world together also reduces environment complexity, staff 
training and provides a unified method of management. 

The “brain” of these solutions is the Novell ZENworks 
Orchestrator. This key component interacts with configuration and 
storage resource management servers to manage physical compute 
and storage resources and the relationships between them. 
ZENworks Orchestrator, in concert with the ZENworks Virtual 
Machine Management tool, works on Linux, Unix, Windows and Mac 
machines, and manages virtual resources, controlling the entire life 
cycle of each virtual machine. 

With these advanced solutions from Novell, you can implement 
automated policies that manage IT resources to meet the business 
needs of your organizations. This way, resources that would otherwise 
stand idle or underutilized are redirected to meet new demands. 
These critical IT activities include configuration management, job 
scheduling dynamic provisioning and resource allocation. By enabling 
this increased automation, Novell data center solutions give IT man- 
agers fast and effective ways to achieve tremendous improvements in 
their organizations’ IT effectiveness. 


> Conclusion 

It’s time to build on the success you've had with Linux in your data 
center. It’s also a great time to partner with Novell and use our 
SUSE Linux Enterprise platform to drive IT improvements while 
also lowering cost, complexity and risk. 

Our SUSE Linux Enterprise platform, along with the other open 
source and open standards-based solutions from Novell, give you a 
clear, safe and strong path to IT improvements and competitive 
advantage. So far, you might have only achieved a fraction of the 
potential benefits that Linux can bring to your organization. But 
with the courage of your convictions, and a great partner such as 
Novell at your side, you can make effective, strategic changes that 
will align your IT assets more closely with your organization’s goals. 
The results will be better IT performance, better bottom-line 
results and competitors further back in your rear-view mirror. N 
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Cleaning Up 


JohnsonDiversey 


by Liz Tanner 


or its global IT team to be effective, JohnsonDiversey 

needed a consistent identity management solution for its 

worldwide workforce, as well as centralized desktop man- 
agement. Novell solutions help the company centrally manage user 
identities and assets in a cost effective manner. 


> Overview 

With sales in more than 140 countries, JohnsonDiversey is a leading 
global provider of cleaning and hygiene solutions to the institutional 
and industrial marketplace, serving customers in the lodging, food 
service, retail, healthcare, food and beverage sectors as well as build 

ing service contractors worldwide. 


> Challenge 

For JohnsonDiversey, managing a mobile workforce is a bi g challenge, 
particularly with 10,000 employees in more than a hundred locations 
throughout the world. Each of the company’s applications had a sep 
arate user database, making it difficult for IT personnel to maintain 
accurate data and assign user [Ds. The company needed a centralized 
identity management solution to reduce the increasing costs associat- 
ed with user administration. 

Many of the company’s locations lack IT staff to distribute appli- 
cations and perform regular desktop maintenance. Administration 
costs were skyrocketing as the company had to send CDs to each 
office and hire local I'T contractors to visit individual workstations. 
Standardizing its workstations would allow a centralized IT staff to 
manage its entire environment from a single location. 


> Solution 

Based on its need for a scalable global directory, JohnsonDiversey 
selected a Novell identity management solution based on Novell 
eDirectory and Novell Identity Manager. 

“We had some experience with Novell eDirectory and knew we 
could deploy it globally with confidence,” said Renee Turco, manager 
of Desktop Technology, Global IT at JohnsonDiversey. “It is one of 
the only products in the industry that would work across hundreds of 
applications on multiple platforms.” 

JohnsonDiversey now uses Novell eDirectory as its authoritative 
source of user identity information and can create standard user IDs 
across each region. Using Novell Identity Manager, the company can 
synchronize user identities across applications to reduce the need for 
manual account creation and updating. Consistent identity manage- 
ment has improved information sharing across regions and helps a 
centralized IT staff maintain accurate user identity information. 

“With Novell, we now have a single ID for our users and have 
greater confidence in the accuracy of our data,” said Richard 
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Strong, director of Global IT at JohnsonDiversey. “Having a stan- 
dard process for provisioning and deprovisioning users has not only 
simplified administration, but has also greatly increased data securi- 
ty and improved our ability to comply with regulatory requirements 
such as Sarbanes-Oxley.” 

With Novell ZENworks, JohnsonDiversey has extended identity 
management to its desktops to more efficiently manage and maintain 
its enterprise. 

“We evaluated other products, but we needed identity-based desk- 
top management and no other vendor can provide that,” said Turco. 
“Novell ZENworks also scales better than anything else which is crit- 
ical for our global enterprise.” 

JohnsonDiversey uses Novell ZENworks to distribute applica- 
tions and updates to dispersed users in days, rather than weeks or 
months, and without having to send CDs to each location. The 
company can also distribute critical software patches much faster to 
protect its network. 

The company’s centralized helpdesk uses the remote control fea- 
tures of Novell ZENworks to quickly resolve issues for a user, 
regardless of location. Users are no longer frustrated by having to wait 
for a technician to visit their workstation. 

“Novell ZENworks Asset Management dramatically improved our 
ability to maintain an accurate inventory of our workstations,” said 
Turco. “Users are unaware that it is even running and the data report- 
ing capabilities are remarkable.” 

Without a dedicated internal IT staff to focus on identity and 
desktop management, JohnsonDiversey hired Novell Consulting to 
design and implement the solution, based on a broad skill set and best 
practices from multiple environments. 

“We could not have completed such an ambitious, global project 
without Novell Consulting,” said David Teichen, senior project man- 
ager in Global IT at JohnsonDiversey. “They did an excellent job 
helping us see the vision of the project and doing it all with a disci- 
plined approach. It really helps to have another set of eyes looking out 
for our business.” 


> Results 

With Novell Identity Manager and Novell ZENworks, 
JohnsonDiversey’s centralized IT staff can now manage a worldwide 
enterprise, helping the company reduce administration costs. A central 
source of user identity information has improved data accuracy and 
security, as well as compliance with regulatory requirements. 

Novell ZENworks has eliminated the need to hire additional IT 
resources In a variety of regions and has significantly reduced travel 
time and costs. Using the remote control features of ZENworks, the 
helpdesk can now resolve user issues much faster, N 


See the Summary Box online. 


by Ken Baker 


GETTING 


Planning Your Next Move: Migrating from NetWare to Open Enterprise Server 
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hen it comes to discovering the key to a successful 
migration, it’s not likely that experts in the IT realm will turn to the 
rgth Century children’s classic, Alice in Wonderland. Regardless of how 
unlikely, that migration key reveals itself on the story’s pages when a 
confused and lost Alice asks the Cheshire cat for directions. The cat 
responds, “That depends a good deal on where you want to get to.” 
When Alice says she doesn’t really care where she goes, the mischievous 
cat answers, “Then it doesn’t matter which way you go.” 

Although Novell Senior Product Manager, Jason Williams, never 
once referenced the children’s story in his BrainShare presentation on 
migrating from NetWare toNovellOpen Enterprise Server 2 on Linux 
(novell. com/brainshare/virtualbrainshare), he certainly echoed the 
Cheshire cat’s words when emphatically declaring, “The key to a suc- 
cessful migration is to know where you are and where you want to go. In 
other words, before you start, you have to actually plan your migration.” 
Some of the issues influencing your destination— issues Williams rec 
ommends you consider when planning a NetWare to Novell Open 
Enterprise Server migration—include: 

+ Migration or Consolidation 
- Physical to Physical or Physical to Virtual 

Directory Concerns 
+ Clustering 
* Linux Considerations 
+ Migration Tools. 


> Migration or Consolidation 

When planning a move to Novell Open Enterprise Server 2, are 
you upgrading, migrating, consolidating or doing a combination of 
all three? Part of this question deals with the additional questions, 
“Is your destination NetWare or Linux?” and “Are you moving 
from an older version of NetWare or the original Novell Open 
Enterprise Server?” Whether you're moving from NetWare to 
NetWare, Linux to Linux or NetWare to Linux, this might be a 
good time to consider taking advantage of today’s more powerful 
hardware platforms and doing some server consolidation. This is 
especially true if you're moving from NetWare to Linux, as an in- 
place upgrade from NetWare to Linux is not supported. 

Keep in mind that server consolidations require significantly 
more planning than basic one-to-one migrations. But in spite of 
the additional planning requirements, server consolidation pays 
off in lower hardware costs, as well as lower cooling, power con- 
sumption and rack space costs. To illustrate this savings, Williams 
indicated in his presentation that Novell recently consolidated 14 
older file and print servers down to two new servers. 

If you do consolidate, you need to consider whether you'll keep 
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your services in their original tree or move them to a new tree. It’! 
take some planning to determine how to move user objects from 
one tree to another. One method that Williams suggested is to set 
up a Novell Identity Manager connection between your old tree 
and your new one. This will let you easily synchronize your user 
objects to the new tree. Doing so also presents an opportunity for 
you to redo the layout of your tree structure. Identity Manager 
will allow you to remap the location of all user objects in your new 
tree. As part of this process, you'll probably also want to get rid of 
any old user objects that are no longer being used. 

Also, if you have multiple volumes that you want to consolidate 
to a single directory structure, it might be a good idea to take a 
look at using DFS junctions, which let you split and move your 
Novell Storage Services volumes. DFS also lets you create a single 
virtual directory view of multiple volumes to help you organize 
them the way you want. (see ricure |.) From within that virtual 
directory view, you can map drives to single volumes and then tra- 
verse your multiple volumes across the directory structure. 

Of course, if you are planning on doing server consolidation as 
part of your migration efforts, you'll also need to decide if that 
consolidation will be from physical servers to physical servers, or 
physical servers to virtual servers. 


> Physical to Physical, Physical to Virtual 

Migration planning is a perfect time to examine the benefits of 
virtualization. Novell Open Enterprise Server supports both Xen 
and VMware virtualization, but each solution has a different set of 
requirements. You'll want to evaluate these requirements to see 
how each might affect your migration plans and your overall net- 
work infrastructure. 

When virtualization becomes part of your migration planning, 
Williams recommends taking a close look at the types of work- 
loads being carried out by the different servers you plan to 
consolidate. Server workload is key to determining the placement 
of your virtual machines. If you load up a single physical server 
with multiple virtual machines that are all extremely disk-inten- 
sive, you might use up the entire bandwidth of your disk array, or 
you could run into contention problems if the virtual machines 
use the same fibre channel or iSCSI array. Likewise, you might not 
want to stack on the same physical machine multiple virtual 
servers that are all very CPU-intensive. When leveraging virtual 
ization for server consolidation, awareness of your server 
workloads can prevent you from overloading your box with multi 
ple servers of the same type and potentially running out of CPU, 
memory or disk bandwidth. 


The key to a successful migration 
is to know where you are and where you want to go. 


If you employ clustering, you can also use virtualization as part of 
this effort. For example, if you have an eight-node cluster, you might 
want to consider running three or four of those nodes as virtual 
cluster nodes. This can reduce power and physical space require- 
ments, while still providing a level of high availability for your 
services. But don’t even think about following the example of the 
guy that, as Williams quipped, said, “Wow, that’s great. I can put all 
my cluster nodes on a single machine.” While that can be done, it’s 
obviously not a very bright idea. 

As mentioned before, you can choose to go with Xen or VMware, 
but one of the benefits of Xen is that it’s included with Novell Open 
Enterprise Server 2 as part of SUSE Linux Enterprise Server to. 
Also, by going with Xen, whether you're running Linux or NetWare 
virtual machines, it can detect that they're virtual servers and then 
load them in paravirtualized mode to take full advantage of the 
AMD V and Intel VT chips for increased performance. You should 


also be aware that Novell does not support NetWare in full virtual- 
ization mode in Xen. 


> Supporting Team Members 
Directory Concerns 
Directory services are an often-overlooked aspect of migration. 
When it comes to the directory, planning is once again critical to 
migration success. Before executing any migration or rollout, 
Williams recommends carrying out the following best-practice 
steps for your directory: 
Understand the replication layout of your directory (for 
example, replica rings and partition structure). 
Execute a directory health check before doing anything. 
- If directory expansion is planned, consider re-engineering your 
directory as part of the migration. 
Determine what eDirectory version best fits your needs. 
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Migration Options Summary 


Based on the selections you have made, the following options will be used during the migration. 
if needed, you can ge back and change these settings. 


To verify that these settings will provide 
the results you expect, you can test the 
migration before continuing. You can also 
audit the migration after it has completed 


Viet YAudit. | LAView Log | 


> Resources Selected For Migration 

> Options To Apply During Migration 
Duplicate File Resolution 
Source Tree LDAP Server 


Copy Source File if Newer 
151.155.198.212 


When ready, select Migrate to begin the migration process. If you do net want to start the 
migration now, select Exit. The migration project is saved as you progress through the wizard, so 
you can open and continue the migration project later. 
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In his BrainShare presentation, Williams pleaded with attendees, 
“Please, please, please, execute a directory health check before you do anything!” 


Before you migrate, you need to understand the replication layout 
of your directory and how you want it to look when you're done. 
Where are your replica rings located? What servers actually have 
partitions on them? Also, you need to know where you want your 
replication rings and partitions to be after you finish your migra- 
tion, so you can design your network topology accordingly. If you 
fail to plan properly in this area, you can count on running into 
network replication problems. 

In his BrainShare presentation, Williams pleaded with attendees, 
“Please, please, please, execute a directory health check before you 
do anything!” He went on to say how amazing it is that so many peo- 
ple doing a migration or consolidation call Novell, saying they can’t 
get a new service to install or work, only to learn they had servers 
that hadn’t been in contact with the directory tree for several 
months. As a result, the tree didn’t migrate or a number of objects 
never properly synchronized. These problems, and many more, can 
be avoided by performing a simple health check of the directory 
before migrating. Williams also recommends setting up a master 
timeserver to make sure your entire directory tree has its time syn- 
chronized accurately. 

If your directory is likely to expand in the future, a migration might 
be the ideal time to re-engineer your tree to accommodate that 
expansion. Maybe you want to create a flat tree structure so that 
LDAP can walk your tree more efficiently to find a user object. 
Novell Identity Manager can aid in this re-engineering effort, allow 
ing you to synchronize your user objects to your new tree. If you plan 
to do this, it’s a good idea to first create your new tree ina lab to make 
sure you understand its structure and that it’s actually going to work 
the way you want it to before you put it into production. 

Your migration planning effort must also include determining 
what Novell eDirectory version you will use. There are valid cases 
for both eDirectory 8.7 and eDirectory 8.8. You might already have 
version 8.7 in your organization and you might be comfortable with 
it. It’s been in the market for about three years, and it also ships as 
part of Novell Open Enterprise Server 1. It’s not a problem if you 
decide to stay with version 8.7, but there are some advantages to 
moving to eDirectory 8.8. 

First of all, eDirectory 8.8 has enhanced features and scalability. It 
supports newer advances in Novell Identity Manager and Novell Access 
Manager. Also, if you're planning on taking advantage of the new 
Domain Services for Windows in Novell Open Enterprise Server 2, 
you'll need to deploy eDirectory 8.8 somewhere in your organization. 
This service enables Linux servers to integrate with Active Directory so 
your users can authenticate from Windows to Linuy servers without 
the need for a Novell client on the desktop. 
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> Clustering 

If clusters are part of your plan, how will your cluster environment 
impact your migration efforts? To begin with, Williams says, you 
need to understand the primary role of your cluster. Is it for 
GroupWise high availability? File and print services? Directory 
services? If you have one large cluster for all of these services, you 
might want to consider splitting your cluster into multiple smaller 
clusters. This could mean a six-node cluster for GroupWise, anoth- 
er six-node cluster for file and print, and finally a six-node cluster 
for directory services. By separating your clusters this way, prob- 
lems in one service cluster won't spill over and potentially affect 
your other clustered services. 


Whether you’re moving from 
NetWare to NetWare, Linux to Linux, or 
NetWare to Linux, this might be a good 
time to consider taking advantage of 
today’s more powerful hardware 
platforms and doing some server 
consolidation. 


Splitting your clusters like this can also simplify administration 
efforts, since you can independently manage each cluster. Also, if you 
need to do a cluster update, a rolling upgrade of a six-node cluster is 
much easier than a rolling upgrade of a 32-node cluster. 

If you plan to implement Novell Business Continuity Clustering to 
allow automated management of site-to-site failovers, how will this 
affect your migration efforts? What will be the impact on your net- 
work topology? Business Continuity Clustering allows you to define 
which of your resources are considered “vital” so only those services 
move to an off-site location rather than the entire cluster. 

You also need to decide what clustering technology you'll be using. In 
a NetWare environment, you'll likely use Novell Cluster Services. On 
the Linux side, you can choose between Heartbeat 2 or Novell Cluster 
Services. Novell Cluster Services is typically the preferred choice due to 
its richer failover services. Also, if you plan to implement Business 
Continuity Clustering, you will need to use Novell Cluster Services. 


> Linux Considerations 

When migrating to Linux in your Novell Open Enterprise Server 
environment, you have to decide what file system you want to use. 
You have a choice of Novell Storage Services, ReiserFS and ext3. 
According to Williams, there isn’t one right answer. In fact, it might 
make sense to have different servers using different file systems 


For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect 
or call 1-800-596-1700. 


depending on those servers’ primary roles. 
Of course if you are already running 
NetWare, you'll already have a lot of Novell 
Storage Services volumes. If you want to pre- 
serve all the rights, metadata and trustee 
information associated with the data on 
those volumes, it makes sense to stick with 
Novell Storage Services. 

Also, if your volumes are already ina SAN 
environment with Novell Storage Services, 
migrating to a SAN environment that uses 
Novell Storage Services on Linux will be 
extremely easy. Using DFS junctions also 
requires Novell Storage Services to support 
volume moves and splits. And if business con- 
tinuity clusters are in your plans, you might 
find them easier to implement if you're using 
Novell Storage Services. 

Cases can be made for using ext3 or 
ReiserFS as well. ReiserFS is optimized for 
small files and performance. In fact, both 
Novell IS&T and the GroupWise engineering 
team recommend ReiserFS — for 
GroupWise servers, primarily due to perform 
ance increases and the fact that GroupWise 
doesn’t utilize the advanced features of Novell 
Storage Services. The performance levels for 


using 


ext3 are similar to that of ReiserFS. 

Dynamic Storage Technology, formerly 
known as shadow volumes, works with 
Novell Storage Services, ReiserFS and ext3; 
however, be aware that it cannot move data 
from a Novell Storages Service volume to an 
ext3 or ReiserFS volume, or vice versa. 


Know Where You Want to Go 

Other migration advice provided during 

Williams’ BrainShare presentation on 

migrating from NetWare to Novell Open 

Enterprise Server on Linux included: 

* Understand what your target server will 
be used for and then only install the 
actual packages required to do its job. 

- Take advantage of Auto YaST to speed up 
your rollouts. 

Familiarize yourself with the different 
migration tools and resources available 
from Novell (See Novell Open Enterprise 


Server Migration Tools). 


But once again, the most important migra- 
tion counsel echoed that old wisecracking, 
smiling cat, “Before you do anything, know 
where you are and where you want to go.” 


Novell Open Enterprise Server Migration Tools 


| For Novell Open Enterprise Server 2, Novell has taken a different approach to providing migra- 


tion tools. Instead of creating one large migration toolkit, you'll be able to use individual 
programs for each major service you might want to migrate. (sir pict rt 2.) This enables you 
to not only migrate a single service at a time (the method preferred by most customers), but it 
allowed Novell engineering to develop better migration tools since each tool focuses on doing 
one thing extremely well. 

For more information on the migration tools and resources currently available from Novell, visit 
novell.com/oesmigration. This migration Web site, debuted at BrainShare in March, provides 
dynamic access to content from the Novell Open Enterprise Server Migration Support Forum and 


| Cool Solutions Community, as well as collateral, documentation, articles, Web links, third-party 
| resources and more. It also provides access to a community of users for the purpose of sharing 


migration best practices. 
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YES! YOU Can! The Exciting New Service from Novell Open to Everyone: 
The Novell Partner Linux Driver Process 
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“Workin 
partners, an 
customers to efficiently obtain needed drivers independent of our SUSE Linux 
Enterprise release cycles. We will continue to support third parties delivering open 


welcomin 


source 


with the opensource community and our hardware and software 
the participation of other Linux distributors 


we are allowing 


rivers to kernel.org for release directly with our Linux products, but this new 


process fills the driver gap between releases that can be critical to customer 
and partner success.” —Kurt Garloff, head Linux architect for Novell 


common definition of trifecta is “a slang term used 
to describe any successful phenomenon that comes in threes.” The 
Novell Partner Linux Driver Process (PLDP) is a prime example of 
such a three-pronged advantage. Whether you are an end user updating 
to the most recent version of the SUSE Linux kernel, a hardware or 
software vendor developing device drivers for SUSE Linux, or an active 
member of the open source community, the benefits are significant. 


Before the Partner Linux Driver Process, only Novell could 
provide supported drivers for SUSE Linux Enterprise 
based products and customers who needed updated 
drivers not supported by Novell were on their own. 


> Before the Partner Linux Driver Process 

Each piece of hardware and some software applications need a driver 
that interfaces with the operating system kernel to enable the device or 
application to function correctly (e.g,, printer, network card, video card, 
virus scanner). Sometimes modifications to the kernel—whether asso- 
ciated with a scheduled update or addressing a security need—can 
break drivers pre-compiled for earlier kernel versions (this is the case 
with any external drivers or drivers not included as part of the kernel 
itself). This incompatibility can cause significant system down time and 
potentially corrupt data. 

When a problem occurs, the driver must be recompiled against the 
new kernel version which could require changes to the driver source 
code. This type of recompilation and adjustment to the driver’s source 
code requires skilled system administrators the likes of which aren’t 
always on staff and available (or affordable). 

Before Novell introduced the Partner Linux Driver Process, 
updating to the most recent version of the kernel often required 
hardware and software vendors to recompile their drivers in- 
house. If these recompiled drivers were not updated at the same 
time as the kernel, all previously compiled drivers would break 
making them completely unusable (no more 3-D desktop effects 
or multi-path IO). 

Although Novell provides updated drivers with product service 
packs, this is not really an ideal solution since service packs often release 
months after new hardware hits the market. To take the burden off sys- 
tem administrators—allowing them time with their children 
(successfully avoiding another case of “...the cat’s in the cradle and the 
silver spoon...”), the Partner Linux Driver Process provides a clean inte 
grated infrastructure for partners, enabling them to provide drivers for 
new hardware—independent of SUSE Linux release cycles or corre- 
sponding to kernel updates. 
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> Trifecta: Part One— 

The Independent Software and Hardware Vendors 

Even with the manpower to recompile a driver after a kernel 
update, software and hardware vendors are typically slow out of 
the gate as a result of the kABI (Kernel Application Binary 
Interface) security embargo (a period of time where the kABI is 
frozen to allow for proper testing). Once the embargo is lifted and 
changes to the kABI are released, only then can vendors begin the 
recompilation process. This creates quite a hassle and lengthy 
delay for vendors dedicated to offering compatible hardware 
seamlessly with updated kernel versions. 


1. KABI Notification Service 
Realizing this disconnect and the potential for disrupted 
business, Novell offers, as part of the PLDP., to track the kABI 
(the set of in-kernel symbols used by drivers and other kernel 
modules) and inform hardware vendors when, and in what way, 
they need to update a driver to address an upcoming change. 

The mainstream Linux kernel is a dynamic entity— 
experiencing frequent changes to the kABI as a result of the 
open source community’s encouragement to innovate on your 
own terms. 

While SUSE Linux engineering teams strive to maintain a 
stable kABI between service pack releases, security updates 
and new hardware may occasionally necessitate kABI changes. 
Not only does this service provide Novell partners with 
information about how their modules could be affected by 
upcoming kABI changes, it also allows the SUSE Linux 
engineering teams to proactively assess how proposed kABI 
changes might affect partner modules. 


Novell recommends the best place for partners 
to develop kernel drivers is upstream in the kernel.org 
source tree, where kernel driver code benefits 
from thorough review and community involvement. 


2. PLDP Build Service 
Depending on a vendor's technology partner level, Novell may offer 
to take the driver code into a build service so the driver is 
automatically rebuilt by Novell during the kernel security embargo. 
When a partner provides source code for the PLDP Build 
Service, Novell Partner Engineering places the code into a 
partner module build area which is fully integrated with the 


For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect 


or call 1-800-596-1700. 


“The new process is simply another way for us to 
help customers run their businesses reliably and 
cost effectively.” 
—Kurt Garloff, head Linux architect for Novell 


SUSE Linux automated build system. 
The partner’s modules can then be 
rebuilt with every new version of the 
SUSE Linux kernel. Once the new 
module is completed, Novell Partner 
Engineering hands it over to the 
partner for testing and verification. 
Participation in this Build Service 
ensures that partners can provide their 
customers with updated kernel modules 
at the same time Novell provides a new 


SUSE Linux kernel. 


3. PLDP Hosting Service 
With the Partner Linux Driver Process 
Hosting Service, Novell hosts partner 
drivers (GPL-licensed only!) on a Novell 
updated site which integrates with SUSE 
Linux installation and update utilities. If a 
vendor chooses, they may opt out of the 
Hosting Service and provide their own 
drivers (usually proprietary) on a host site 
or a physical CD. 


> Trifecta: Part TWwo—The Customer 
Before the PLDP, customers occasionally 
found themselves locally managing the 
recompilation of external drivers after each 
update to the kernel. This happens, for 
example, when a customer purchases new 
hardware that does not have driver support 
in the current Linux kernel. Each time the 
kernel updates they were forced to go back 
and scrutinize a patch, modifying it to work 
with the new kernel. 

Additionally, when an unsigned external 
driver is incorporated, the customer creates 
what is called a “tainted kernel”, jeopardiz- 
ing their service agreement altogether. 


When considering this kind of situation, 
administrators with such driver issues might 
choose not to reboot after a kernel update 
or, worse, decided not to install kernel secu 
rity updates at all to avoid the issue of 
incompatible drivers. 

The second prong of the Trifecta benefits 
the customer by streamlining the process of 
updating the SUSE Linux kernel and partici- 
pating drivers. As an end-user, if you happen 
to use drivers that are part of the Partner 
Linux Driver Process, you experience minimal 
to no time lapse between kernel updates and 
updated drivers. Additionally, because SUSE 
Linux is considered progressive in supporting 
new technologies and hardware, it’s dedicated 
to keeping up with the latest in both hardware 
and security updates so you know you're get- 
ting the best options available from the open 
source community. 

It’s worth juxtaposing the Novell PLDP 
with the Red Hat approach which attempts to 
avoid all the hassle by maintaining a very sta- 
ble KABI at all cost. Red Hat believes that by 
leaving the kABI unchanged, external drivers 
will work even when the customer has updat- 
ed to the latest Red Hat kernel version. 

With this dedication to a super-rigid kABI, 
however, comes a static kernel moving further 
away from the ever-changing mainline tree. As 
a result, Red Hat has a hard time supporting 
new hardware because it becomes increasingly 
difficult to back port the functionality without 
changing the binary interface. 

Rather then keep the kernel unchanged, 
Novell introduced the Partner Linux Driver 
Process to keep pace with new hardware and 
be more responsive to the ever-changing 
needs of the customer. 


PLDP was introduced as a limited solution with SUSE Linux Enterprise 9 SP3. 
Starting with SUSE Linux Enterprise 10, the PLDP is fully supported. 
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“Our customers can now update to the latest drivers for our hardware, without the 


cost and resource related to rebuildin 


kernel drivers or waiting for kernel patches." 


—Reza Rooholamini, director of Enterprise Solutions Engineering for Dell 


> Trifecta: Part Three—Open Source Community 

As an active member of the open source community, Novell created 
the PLDP to broaden Linux hardware support and simplify the 
process of acquiring, installing, and updating device drivers. By sim- 
plifying the experience for hardware and software vendors compiling 
drivers for the Linux kernel AND creating a clean and integrated 
experience for the end-user, Novell promotes the strength and viabil 
ity of the open source community. 

The technology behind the PLDP is all open source and included in 
the openSUSE.org distribution of SUSE Linux. Novell continues to 
provide and explain the inner workings of this technology to the indus- 
try and other Linux vendors with the intention of furthering the general 
adoption of Linux. 

In the end, no matter your role (vendor, customer or a member of the 
open source community), the Novell Partner Linux Driver Process pro- 


Wow the perks of 


vides a strategic, forward-looking and interrelated approach to kernel 
and driver updates. Novell and its technology partners work together to 
provide their customers with the infrastructure they rely on to success- 
fully run their businesses within their own open enterprise. With the 
Partner Linux Driver Process firmly in place, all involved will notice the 
sky seems a little bluer, the air smells a bit sweeter and, well, their teeth 
appear even whiter. The trifecta is here and it’s here to stay! N 


Additional Novell Resources 
| can be found at: 


| * novell.com/partners/technology/dprocess.htm! 

lee developer.novell.com/wiki/index.php/Partner_Linux_Driver_Process 

| * developernovell.com/wikilindex.php/Category:Partner_Linux_Driver_ Process 
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DECISIONS 
SNOISIOAC 


Some Decisions Are Obvious, 
Like Moving GroupWise to Linux 


ife is full of tough choices. Wouldn't it be nice if, once 
in awhile, a few of them were fun? Like your business offers you a com- 
pany car, and you get to choose between a Ferrari Spider and a 
Lamborghini Diablo. Or maybe your rich uncle decides to gift you an all- 
expense-paid vacation to your destination of choice. 

Unfortunately, in the IT world your choices aren't quite that fun, but 
they can be just as difficult. For example, you've been running 
GroupWise flawlessly on NetWare for several years, but you wonder if 
it’s time to consider moving to Linux. Perhaps you're getting pressure 
from management to evaluate Windows Vista. Or maybe you want to 
take advantage of higher performing hardware along with the server con- 
solidation and virtualization capabilities provided in Novell Open 
Enterprise Server 2, but you're not sure whether to consolidate on 
NetWare, Linux or both. 


Novell GroupWise is all about giving you 
the choice and flexibility you need to meet 
your business objectives, including giving 
you the option to run your GroupWise 
servers on NetWare, Windows or Linux. 


The good news is that Novell Group Wise is all about giving you the 
choice and flexibility you need to meet your business objectives, includ- 
ing giving you the option to run your GroupWise servers on NetWare, 
Windows or Linux. (See More Choices.) 

While youre evaluating server options, there are a lot of solid reasons 
for taking a serious look at what Linux has to offer. When Novell [S&T 
moved the company’s GroupWise servers from NetWare to Linux (see 
Migrating GroupWise to Open Enterprise Server on Linux, novell com/con- 


_ Free Support and Training 


Novell offers a free 20-hour Web-based training course to help you 
bridge your NetWare skills to Novell Open Enterprise Server for Linux. 
Find the details on this offer at novell.com/netwaretolinux. 

Also, if you own, purchase or upgrade to Novell Open Enterprise 
Server before June 30, 2007, you can download a free copy of the five- 
day Integrating Novell Open Enterprise Server for Linux course. If you 
have maintenance, you can also take advantage of 90 days of free, 
| unlimited Novell Open Enterprise Server support to help you deploy 
the product with confidence. For more information, visit 
novell.com/oespromo. 
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nectionmagazine/2006/07/tech_talk_1.html), the following are just a few of 
the things they noticed: 


- Improved operating system stability 
Application crashes didn’t affect server or other applications 

* Better application fault handling and recovery 

: Faster, more automated GroupWise agent restarts 
No database corruptions with agent crashes and minimal database 
corruption resulting from hardware or power failures. 


These same benefits, and considerably more, should be expected if 
you're moving from Windows to Linux. Of course one of the other 
benefits of moving from Windows to Linux is you'll leave behind the 
considerably higher hardware requirements and licensing costs that 
Windows servers demand. 


> Linux—Free and Easy 

Perhaps the nicest advantage of running GroupWise on Linux is that you 
get Linux free. As a GroupWise 7 customer, you automatically receive an 
entitlement to SUSE Linux Enterprise Server to that lets you deploy 
the Linux platform on as many servers as needed to host your 
Group Wise services. 

But even with all the advantages that Linux has to offer, some of you 
hesitate to look at it because it’s unfamiliar territory. Perhaps most of 
your training has been in the NetWare and Windows world, and you still 
have the misperception that Linux is difficult to learn. The truth is: 
Linux isn’t rocket science. Most of the expertise you already have can be 
easily transitioned to the Linux world with just a little training. To make 
sure you get the training you need, Novell offers some free classes on 
Linux. (See Free Support and Training) 

When you do decide to make the move, Novell simplifies the process 
with its free Group Wise Server Migration Utility. The utility will trans 
fer your GroupWise agents, domains, post offices and data from either a 
NetWare or Windows server to your new Linux server. To share first- 
hand experience and tips and tricks, Novell [S&T Engineer Steve 
Whitehouse has written two Novell Connection articles on using the 
utility. (See “Migrating GroupWise to Open Enterprise Server on 
Linux”, novell. com/connectionmagazine/2006/07/tech_talk_1.html and “EZ: 
Migrating Your Stuff to Linux using the GroupWise Server Migration 
Utility”, novell. com/connectionmagazine/2006/q4/tech_talk_6.html.) 


> Server Options 
When you move your GroupWise system to Linux, you'll need to decide 
what Linux offering makes the most sense for your organization: SUSE 


GroupWise 7 customers automatically receive an entitlement to SUSE Linux 
Enterprise Server 10 that allows them to deploy the Linux platform on as many 
servers as needed to host their GroupWise services. 


Linux Enterprise Server on its own, or SUSE Linux Enterprise Server as 
part of Novell Open Enterprise Server. On its own, SUSE Linux 
Enterprise Server provides an enterprise-quality server that has been 
designed to handle mission-critical applications. It comes with Xen 
Hypervisor for server virtualization, AppArmor for strong application 
security, and a comprehensive array of Web infrastructure tools and serv- 
ices, With Novell Open Enterprise Server you get all of that, plus all the 
Novell networking services you've come to love and trust, such as 
eDirectory, Novell Identity Manager, iPrint, iManager and file services 
based on the Novell identity infrastructure. 

You'll also need to choose which Linux file system to use for 
your GroupWise server. Both Novell IS&T and the GroupWise 
engineering team recommend Reiser, citing higher levels of per- 
formance for the collaboration server over both ext3 and NSS. 
Some Novell partners favor ext3 in their GroupWise on Linux 
deployments. The advanced features of NSS are not leveraged by 
Group Wise and can thus add unnecessary overhead, but NSS does 
provide easier migration from NetWare environments that have 
SAN storage. 


> High-Availability Collaboration 

Some of the most frequent questions asked by Novell customers plan- 
ning a GroupWise migration to Linux deal with setting up clusters. If 
you're deploying SUSE Linux Enterprise Server 10 on its own, you'll be 
using Heartbeat 2, an industry-proven clustering solution developed by 
the open source community as part of the High-Availability Linux 
Project. Novell has been an active contributor to this project, and 
Heartbeat 2 is included in the SUSE Linux Enterprise Server 10 distri- 
bution. Heartbeat 2 can handle up to 16 cluster nodes. 


Figure 1 7o simplify the : ided an option to 


the install process for c 


Select the language for this installation from 
the choices below. 


[Engish | 


™@ Configure GroupWise for clustering 


Ifyou deploy Linux as part of Novell Open Enterprise Server, you can 
choose to take advantage of Heartbeat 2, but Novell Cluster Services is 
usually the favored choice. Novell Cluster Services is a 32-node cluster- 
ing solution developed by Novell that has been enabled for eDirectory 
and has richer failover services than comparable open source solutions. 
Novell Cluster Services supports both Linux and NetWare and allows 
you to manage SANs and clusters remotely, pool free disk space to 
improve efficiency, and dynamically configure clusters and storage vol- 
umes without rebooting (depending on the file system being used). It 
also enables you to take advantage of Novell Business Continuity 
Clustering to automate management of site-to-site failovers. 


> GroupWise and Novell Cluster Services 

For the September 2005 issue of Novell Connection magazine, | wrote 
an article on planning and setting up a GroupWise cluster in a Novell 
Open Enterprise Server Linux environment. (See “Nuts About 
Clusters”, xovell.com/connectionmagazine/2005/09/tech_talk_6.html ) 
The article provides insights on high-availability design considera 
tions, configuration parameters for Novell Cluster Services, failover 
and failback concepts, enabling high availability in YaST, enabling the 
GroupWise Monitor and general Novell Cluster Services require- 
ments. It also covers GroupWise clustering-specific requirements, 
but many of those have changed due to updates in Group Wise. So, I'll 
address those here. 

First of all, make sure you have GroupWise 7 with at least Support 
Pack 1 and Novell Open Enterprise Server with Support Pack 2. In 
GroupWise Support Pack 1, the Novell engineering team enhanced the 
GroupWise installation to make it even casier to implement clustering. 
To take advantage of these enhancements, simply choose the Install to a 
Cluster option during setup. (Shr FIGLR 1.) 
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In GroupWise Support Pack 1, the Novell engineering team enhanced the 
GroupWise installation to make it even easier to implement clustering. 


A nice benefit of the Install to Cluster option is its ability to store your the GroupWise cluster resource, and it floats with the resource from clus- 
Post Office Agents, Message Transfer Agents, GroupWise Internet ter node to cluster node when a failover or failback occurs. 


Agent, Messenger Agents, agent configuration files and log files in your Also be aware of the following few other configuration considerations: 
GroupWise cluster resource. This eliminates the need to install every + GroupWise and Novell Cluster Services can run on NSS, ext3 or 
agent—and the agent startup file—on each cluster node. It also keeps Reiser file systems. But if you want to migrate an existing cluster 
the log files from being spread across all the nodes in the cluster. from NetWare to Linux, use NSS because NetWare clusters 
Administratively, it just makes things simpler. require NSS. If you're using Reiser or ext3, manually create your 


new cluster resource using iManager. It’s recommended that you 
use a generic IP template since it already provides the proper 
syntax to mount a file system, load a secondary IP address, and 
start and stop services. 

* GroupWise must be configured in Client/Server mode. GroupWise 
will not failover or failback in a cluster environment unless it is using 
Client/Server mode. 


* Install all of your GroupWise agents into your Linux clusters from a 


Another advantage of the Install to Cluster option is that it exclusively single and writable software distribution directory. This allows your 
binds the GroupWise agents to the cluster resource’s assigned secondary agent configuration files to be easily accessible by the cluster 
IP address. The secondary IP address is used to identify the partition for resource’s GroupWise High Availability configuration file. 
Figure 2 The Heartbeat Management GUI makes it easy to add and configure Figure 3 When the updated Linux client for GroupWise is released later this 
your GroupWise cluster resources when using Heartbeat 2 year it will turn GroupWise into your personal productivity dashboard. 
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All domain links must be TCP/IP, not 
file path. 

Once Group Wise is installed and 
configured to run in a cluster environment, 
create and configure a GroupWise resource 
in Novell Cluster Services. This includes 
configuring GroupWise load and unload 
scripts; setting GroupWise Start, Failover 
and Failback modes; and assigning the 
Group Wise resource to specific nodes in 
the cluster. 


For more details on implementing GroupWise 
clusters on Novell Open Enterprise Server, 
refer to the GroupWise 7 Interoperability 


/ 


Guide at novell.com/documentation/gw7/pdfdoc/ 


gw7_interop/gw7_interop pdf. 


> GroupWise and Heartbeat 2 

Clustering with Heartbeat 2 on SUSE Linux 
Enterprise Server is newly supported in 
GroupWise 7 Support Pack 2. To set up 
GroupWise clusters with Heartbeat 2, first 
use the YaST interface to install Heartbeat 2 
on each Linux node that will participate in 
your cluster. Then configure the failover paths 
for those nodes. Once your heartbeat clusters 
are set up, use the Heartbeat Management 
GUI found in /usr/lib/heartbeat/haclient.py 
to create a GroupWise resource group and 
add it to the cluster. 

A resource group is simply a set of resources 
that need to be running on the same node and 
need to be started and stopped in a set order. 
Your GroupWise resource group will typically 
include at least the following three resources: 

An IP address resource that will add the 

secondary IP address to the node 
- A file system resource to mount the file 

system on the shared storage device that 
holds the Group Wise database 
+ One or more GroupWise resources. 


To add the GroupWise resource group to your 
cluster, perform the following steps from the 
Heartbeat Management GUI: 

1. First, create a group for your cluster 
resources by highlighting Resources and 
clicking the + icon on the menu toolbar to 
add a new item. When the Type of New 
Item dialog appears, choose Group from 
the pull-down menu. 

2.To add an IP address resource to this 
newly created group, highlight the 
newly created group and click the + icon 
on the menu toolbar. When the Type of 
New Item dialog appears, choose 
Native from the pull-down menu. 
When the Add Native Resource dialog 
appears, enter an appropriate name for 


the new resource in the Resource 1D 
field. (Seu ricureE 2.) 

3. From the Belong to Group pull-down 
menu, select the name of the newly 
created group. 

4. In the Type field, choose | Paddr 
(ocf/heartbeat). 

5. In the Parameters field, set the name to ip 
and enter the desired | P address. 

6. Click the Add button. 

7. To add the file system resource to the 
new group, repeat step 2, but with the 
following changes to the Add Native 
Resource dialog: 

(a) In the Type field, choose Filesystem 
(ocf/heartbeat). 

(b) In the Parameters field, set the name to 
fstype and choose the appropriate file 
system, such as reiserfs or ext3, from the 
Value field. 

8. To add the Group Wise resource or 
resources to the new group, repeat step 2 
again, but with the following changes to 
the Add Native Resource dialog: 

(a) In the Type field, choose GroupWise 
(ocf/Novell). 

(b) In the Parameters field, set the name to 
object_name and choose the object name 
that corresponds to the agent to 
be managed, such as PostOffice. Domain, 
from the Value field. 

(c) Repeat step 4 for each GroupWise 
resource that needs to be added. 


That's pretty much all there is to adding 

GroupWise resources to your Heartbeat 2 

cluster, but be aware of the following few 

other points: 

- To use the Heartbeat Management GUI, 
give the user “hacluster” a password on each 
node where you will be using the GUI. 

- The first time you start your new 
group, you will have to start each 
resource individually by highlighting 
the resource and then clicking Start 
Resource. Be sure to start the resources 
in the following order: IP address 
resource, file system resource and 
GroupWise resource. 

Heartbeat has support for application 
restart, but to enable it, add a monitor 
operation to the GroupWise agent 
resource and set its time interval to the 
frequency with which you want 
GroupWise polled. 

> The described configuration assumes an 
Active/Passive cluster mode. In this mode 
you won't want the resources to 
automatically fail back when a node comes 
back online after a failure. Be aware that 


by default it will fail back. To disable this 
behavior, add the resource_stickiness 
attribute to the resource group with a 
value of INFINITY. 
> An Easy Choice 
Your rich uncle probably won't care if you 
move your GroupWise servers to Linux. But 
you never know...giving your company the 
added advantage of running those rich collabor- 
ation services on a more reliable platform, in a 
highly available clustered environment and at a 
significantly lower cost, might be just what you 
need to score the company car you always 
dreamed of. Maybe there are such things as 
easy choices in the IT world. N 


Parkview Health System 


Indiana-based Parkview Heath System, a 
NetWare customer for several years, recently 
moved their GroupWise servers to a clustered 
Linux environment on Novell Open Enterprise 
Server. The health care organization took a 
measured approach to the transition, first cre- 
ating a new Linux infrastructure within their 
existing GroupWise system, and then gradu- 
ally moving users to the services provided 
there. Jason Todd, Technology Services 
Specialist at Parkview, says of the move, 
"Without disrupting service to our 8,000 users, 
we were able to consolidate our six 
GroupWise servers running in a NetWare 6.0 
cluster to a two-node OES Linux cluster. As a 
result, we've simplified our infrastructure, 
reduced administrative expense and ensured 
continuity for our mission-critical services." 


More Choices 


In addition to running your GroupWise 
backend services on Linux, you also have 
the choice to run your GroupWise client on 
Linux. To sweeten that choice even more, 
Novell will greatly improve usability with an 
update to the GroupWise Linux client later 
this year. (Srv ricurr 3.) 

Some key new features include group 
labels, a navigation bar, categories by 
color, discussion threads and perhaps 
the most anticipated new update: the ability 
to turn GroupWise into a personal produc- 
tivity dashboard with the enhanced Home 
View feature. 
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by Brent McCormick 


WHEN ISN’T 


IDENTITY CRITICAL? 


; Identifying the Cold Hard Facts 
Automating Identity Assurance: Delivering on a Common Standard 
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magine being responsible for controlling physical and logical 
access to literally thousands of Federal government facilities and informa- 
tion systems around the world. That means providing 11 million people, 
in an overwhelming number of different roles, with access to the facilities 
and systems they need to do their jobs while also delivering secure, reliable 
identity credentials that work across agencies, reduce identity fraud and 
guard against criminal and terrorist use. Wide variations in the quality and 
security of the forms of identification currently used to gain access to 
these facilities and systems leave our government and other organizations 
vulnerable to terrorist attacks and other malicious activity. 

To address this challenge for the United States Federal govern- 
ment, in 2004 President Bush issued the Presidential Directive 
known as “The Homeland Security Presidential Directive-12” or 
HSPD12. The directive instructs Federal officials including the 
Secretary of State, the Secretary of Defense, the Attorney General, 
the Secretary of Homeland Security, the Director of the Office of 
Management and Budget and the Director of the Office of Science 
and Technology Policy to work together in creating a common stan 
dard for credentialing employees and contractors working at Federal 


What's in this Article? 


| + HSPD12: Creating a Common Standard for 
Credentialing Employees and Contractors 


Technology Standards for HSPD12 


* Personal Identification Verification (PIV) System 


- Solution Architecture 


* Capabilities 


facilities. (For more information and to read the complete text of the 
directive, visit whitehouse gov/news/releases/2004/08/20040827-8. html) 
The directive defines the standards for a common Federal identifica- 
tion credential. The overarching goal of the program is to achieve 
appropriate security assurance by verifying the identity of individuals 
seeking access to federally controlled government facilities and gov- 
ernment information systems. 


> Technology Standards for HSPD12 

The National Institute of Standards and Technology (NIST) has 

defined the technology standards to support implementation of 

HSPDr2. The result is the Federal Information Processing Standard 

201 (FIPS201). FIPS201 is defined by two main parts: 

* specifications for technical interoperability between Personal 
Identification Verification (PIV) systems; these specifications 
detail the cards elements, interfaces and security controls required 
to securely store, process and retrieve identity credentials 

* personal identity proofing, registration and issuance of 
credentials (the PIV card). 
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The overarching goal of the 


rogram is to achieve appropriate 


security assurance by verifying the identity of individuals seeking access to federally 
controlled government facilities and government information systems. 


The foundation of the FIPS201 standard is the PIV card. As defined 
by FIPS2o01, the PIV card is a multipurpose “smart card” used for 
both identification and access control. It can be used to control access 
to both physical and logical resources. The PIV must be issued based 
on sound criteria for verifying an individual’s identity and be strongly 
resistant to identity fraud, tampering or counterfeiting. The card 
must be able to be rapidly authenticated electronically and is issued 
only by providers whose reliability has been established by an official 
accreditation process. 

NIST has published a System Reference Model called the PIV 
System Notional Model. (see ricure |.) Figure 1 shows the three 
major components: PIV Card Issuance and Management, PIV Front 
End and Access Control, and the directional flow of the data. 

: The PIV Card Issuance and Management component is 
responsible for identity proofing and registration, card and key 
issuance and management and the repositories and services that 
comprise the verification infrastructure. 

» The PIV Front-End component is the actual PIV card, the card 
and biometric readers, and PIN input device. The person or 


holder of the PIV card uses these components to gain logical 
and/or physical access to resources. 

The Access Control components are the physical and logical 
access control systems, the assets and resources being protected 
and the authorization data. 


These components work together to automate the identity assurance 
process. Novell delivers an open standards-based identity and access 
management system that validates identities and authenticates users 
for a comprehensive identity management and security monitoring 
solution called the Novell Identity Assurance Solution. 


> Architecture Overview 
The Novell Identity Assurance Solution has 4 main components: 
(SEE FIGURE 2.) 
Enrollment 
* Card Issuance and Maintenance 
* Access Control 
* PIV Event Monitoring System 
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Enrollment and Registration 
A series of customizable workflows and e-mail notifications auto- 
mates the process of requesting and issuing PIV cards for government 
employees and contractors. The system guides the applicant, sponsor, 
registrar, enrollment officer and card issuance officer through the 
steps required to validate the applicant’s identity and complete the 
identity proofing and verification process. The Enrollment subsys 
tem not only manages the workflows and sends e-mail notifications to 
complete the verification and vetting process, but it also integrates 
with third-party systems such as Daon, Viisage, Lenel, EDS and exist- 
ing HR or contractor management systems. 


Card Issuance and Maintenance 

The applicant’s identity information moves to the Card 
Management System (CMS) and the CMS automatically sends the 
information and digital certificate to a card production and badging 
station for card creation. Once the cards are created, the applicant 
is notified and can make arrangements to obtain their PIV card 
from the issuing officer and securely receive their PINs. The PIV 
card unique identifier is automatically captured in a central reposi- 


tory that holds the identity profile for all employees or contractors. 
The card issuance and maintenance systems support typical lifecy- 
cle maintenance processes including: 

* Card issuance 

* Card replacement and temporary card issuance 

* Card termination. 


When an employee or contractor is terminated or fails the vetting 
process, all access rights are revoked instantaneously and the card 
management system receives instructions to terminate the card. 
Upon receiving this notification, the CMS system disassociates the 
user from the card and revokes the digital certificate on the PIV card, 
rendering it invalid. 


Logical and Physical Access Control 

The Logical and Physical Access Control subsystem enforces access 
control policies at run time when the employee or contractor tries to 
access logical IT systems or physical facilities. Access control policies 
are established and enforced based on the identity and authentication 
credentials stored on the PIV card. 


Figure 4 The Administrator View lets you manage connectors 
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Event Monitoring and Management 

The Event Monitoring and Management subsystem is an optional 
component of the Novell Identity Assurance Solution. The event 
monitoring system provides a flexible and scalable solution to capture 
events triggered during PIV card lifecycle activities. This system pro- 
vides reports that allow users to see the state of the PIV processes in 
real time; it can also be extended to support enterprise-level security 
event monitoring and management needs in addition to audit and 
compliance reporting requirements. You can also create custom 
reports to monitor a variety of conditions. 


> Capabilities 

Automating processes from a lifecycle perspective allows users to be 
much more efficient as they work toward HSPD12 or other regulato- 
ry compliance standards. 

Figure 3 illustrates a summary of PIV card lifecycle activities. Audit 
data is captured to track every step in the process so managers can mon- 
itor and report system status. The solution can also provide identity and 
password synchronization across dissimilar systems to simplify a user's 
authentication to multiple applications, databases and directories. 


Figure 6 (0). 
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Multiple advanced authentication methods maximize convenience and 
minimize complexity of the administrative overhead associated with 
password maintenance. Graduated levels of access criteria ensure flexi- 
bility in selecting the appropriate level of security for each protected 
government resource. Disconnected users in the field use smart-card- 
based authentication to their workstation even when it is disconnected 
from the network. Temporary smart cards can be issued to users who 
have lost or forgotten their cards. Automated password renewal at reg- 
ular intervals is convenient and already incorporated into the solution. 
Workstation lockdown will prevent unauthorized access after author- 
ized individuals remove their smart cards. 


> Extensibility 

The Novell Identity Assurance Solution is designed with extensibility 
in mind. This solution easily integrates with employee and contractor 
systems of record (in other words, authoritative data sources). It can 
also automatically provision users with access to the appropriate phys- 
ical and logical IT systems based on their roles. This solution can be 
further extended to support typical employee and contractor lifecycle 
activities such as: 

+ employee or contractor termination 

- employee role changes (for example, transfers between departments) 

- changes to employee information, such as name and address 


> Solution Overview 

The solution integrates software from multiple vendors that works 
together for a comprehensive solution. The Identity Assurance 
Solution can work with many vendors who provide components such as 
the User Enrollment/Biometric Capture, Smart Card Management 
Systems and Physical Access Control Systems. For the purposes of this 
discussion, Novell selected specific vendors to demonstrate a complete 
system: Novell, Active Identity, Imageware and Honeywell. The follow 
ing sections provide details about each component of the system, 
including screen captures of what you might see when administering the 
solution, depending on your organizational role. Common roles include 
system architect, system administrator, security manager, security 
guard, sponsor, enrollment manager, card issuer and adjudicator. 


Novell Identity Manager 

Novell Identity Manager acts as the hub, providing connectors to all 
the major systems that enable bidirectional communication and 
enabling workflow approval-based provisioning/deprovisioning. Each 
step in the process is ordered and controlled by a predefined policy, 
which can be easily changed to accommodate unique organizational 
needs and policies even as those needs change and evolve. The solu- 
tion includes four specific Novell product components: 


novell.com/connectionmagazine 35 


Novell delivers an open standards-based identity and access management system 
that validates identities and authenticates users for a comprehensive identity 
management and security monitoring solution. 


* Novell Identity Manager 3.0.1 
Novell Enhanced Smart Card Method 3.0 
Identity Assurance Module 
* Novell Identity Manager User Provisioning Module. 


Figure 4 shows a summary of the system connectors from an adminis- 
trator’s perspective. This perspective allows you to manage connectors. 

Figure 5 is a view from an architect's perspective showing attribute 
data flow detail. Workflow items created according to the FIPS201 
standard enables the automation of the approval-based provisioning 
and deprovisioning. 


Active Identity—Card Management System 

Active Identity provides a secure, proven and extensible solution to issue 
and manage smart cards (PIV Compliant) and the ability to securely 
update the applications and credentials on the cards after issuance to end 
users. Figure 6 shows the beginning of the card issuance process. 


Pro-Watch Security Management 

Software Suite from Honeywell 

The Pro-Watch Security Management Software Suite from 
Honeywell offers a complete security management solution includ- 
ing access control, alarm monitoring and CCTV system interface. 


The Enterprise Edition of Pro-Watch allows management of a mul- 
tilocation, enterprise-wide security system from a single point while 
maintaining local operational autonomy. (sip riGURE 7 \ND 8.) 


Imageware 
Imageware provides the capability for capturing data such as picture, 
finger prints, important documents and signature. (see riGuRt 9.) 


Sentinel from Novell 

Sentinel provides a centralized, automated control center for cap- 
turing, correlating and reporting on events emerging from any 
component of the Identity Assurance system, instead of relying on 
individual system administrators to capture the data and correlate 
it manually. The system automatically creates an audit trail of 
activities happening on the system and any necessary remediation 
activities. The reporting engine in Sentinel can be configured to 
produce reports on system health, authentication and access 
events, and even specialized compliance reporting for HSPD12 or 
other regulatory audits. 


> Conclusion 
With this solution, you can easily manage identity and access controls 
for any number of users, from 11 to 11 million. Using a multivendor 


Figure 7 The Pro-Watch Security Management Software Suite lets security guards 
view individuals as they pass through security checkpoints 
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Figure 8 The enterprise edition of Pro-Watch lets you maintain an enterprise-wide 
security system from a single point 
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system designed to work together, the 
Identity Assurance Solution provides the 
workflow approval-based provisioning to: 
automate and standardize logical and 
physical access provisioning 
guarantee the identities of those 
obtaining access 
ensure that the right people have the 
right access to the right resources, and 
deliver the reports needed to prove 
compliance with HSPD12 
and other regulations and standards. 


Although the Identity Assurance Solution 
was originally created for use by government 
agencies contractors affected by 
HSPDi,, it’s clear this solution could be 
applied to many other types of organizations, 
particularly those with widely distributed, 
multilocation workforces and those who may 
be affected by other [T-compliance regula- 
tions and standards such as Sarbanes-Oxley, 


HIPAA or [SO17799. 


and 


Figure 9 
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For more details about the Identity Assurance 
Solution, visit 


or download the evaluation version at 
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by Ron Tanner 


ON THE MOOVE 


How to Migrate from ZENworks 7 (and earlier) to the New ZENworks Configuration Management Product 
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The task of a migration may seem overwhelming, but the ZENworks 
engineering team has been working on migration since the beginning 
of the development cycle. 


n March 2007 Novell announced its next generation of the 
ZENworks product named ZENworks Configuration Management. 
This new product is built on Web services technology, using a single 
adaptive agent, and a database rather than eDirectory to store all of 
the ZENworks information. Despite no longer requiring or putting 
objects into eDirectory, ZENworks Configuration Management still 
provides all the same capabilities, including both device and user- 
based management, that the traditional ZENworks Suite provides. 
And because the linkage to an Identity Directory is through LDAP, 
ZENworks Configuration Management can provide device- and 
user-based management to both eDirectory and Active Directory 
customers natively. In addition to new architecture, ZENworks 
Configuration Management also has an integrated patch solution 
with the Novell partner, PatchLink. The ZENworks Patch 
Management system you have is now integrated directly into 
ZENworks Configuration Management. 

This article explains how you can introduce and migrate 
ZENworks Configuration Management into your system if you've 
been using the ZENworks Suite. 


> Migration, Not An Upgrade 
The first thing you need to understand is that moving from the 
ZENworks Suite to ZENworks Configuration Management is a migra- 
tion path—not an upgrade. You cannot install ZENworks 
Configuration Management on top of your existing ZENworks Suite 
installation. This may seem like an inconvenience, but in reality, it is a 
great benefit. It lets you introduce ZENworks Configuration 
Management into your environment without affecting any of your cur- 
rent ZENworks Suite implementation. Then as you get comfortable 
with it, you can migrate more and more devices over to the new system. 

The task of a migration may seem overwhelming, but the 
ZENworks engineering team has been working on migration since 
the beginning of the development cycle. Development migration 
tools and methodology are in place to make the move as painless as 
possible. And since ZENworks Configuration Management has a 
modular infrastructure you can add components as you grow the 
number of managed devices. 

At ahigh level, you can accomplish your migration in the following 
seven steps: 


Figure 1 TheZENMigration.exe toolmust be installed on a Windows server or 
workstation. Once you have installed the migration tool, launch and provide 
authentication information to the eDirectory tree and the local ZENworks 
Configuration Management zone 


i 
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fiz 168, 196.30 


Figure 2 Drag over any number of application objects or containers from any 
location into the right pane. When a container is dragged, all objects of the type 
to migrate (applications, in this case) in the container and subcontainers will be 
migrated 
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Plan your ZENworks Configuration 
Management installation. 


Deploy your ZENworks Configuration 
Management back-end systems. Start 
small and add more as you need. 


Migrate existing content from your 
ZENworks Suite into your ZENworks 


Configuration Management system. 


Migrate initial pilot users and devices 
into ZENworks Configuration 
Management and make sure everything 
is working as desired. 


Migrate additional users and devices into 
the new system. 


Migrate patch management to 
cee Sabi anacee 
ZENworks Configuration Management. 


Decommission existing ZENworks Suite 
system if appropriate. 


Plan and Deploy 
You should understand the basic architec- 
ture of the new ZENworks Configuration 
Management product compared to your tra 
ditional ZENworks Suite. This information 
will help you as you plan and deploy your 
new system. 

ZENworks Suite is a two-tiered architec 
ture where clients on the individual devices 
communicate directly with eDirectory serv 
ices on your servers to discover and apply 
policy and applications to devices and users 
on those devices. The eDirectory services 
provides replication of the ZENworks 
assignments throughout replicas of directory 
partitions on your network. ZENworks Suite 
inventory and other information is also 
stored in a centralized database. The agent in 
the ZENworks Suite holds the business logic 
and intelligence to discover assigned work 
and perform those actions. 

ZENworks Configuration Management, 
on the other hand, is a three-tiered architec- 
ture where the client communicates to 
back-end Web services over HTTPS con- 
nections. Those Web services then 
communicate to the centralized database 
and the specified LDAP directories to gath 
er assignments of content and policies for the 
particular device and user. 

Then that information is passed back to 
the managed device all using SOAP (Simple 
Object Access Protocol) communication. 
Notice that with ZENworks Configuration 
Management, the business logic and intelli 
gence is contained in the back-end Web 


services. These Web services tell the device 
agents what to do and where to get the con- 
tent they need. 

Because the business logic is performed on 
the back-end servers, those server resources 
have a greater strain, but it reduces the 
amount of traffic communicated over the 
wire, and the agents on those managed 
devices require fewer updates to incorporate 
new capabilities. 

Additionally, no ZENworks information is 
stored in eDirectory or Active Directory; all 
ZENworks information will now be stored in 
the centralized database. For user-based 
assignments, only references to the user object 
eDirectory or Active Directory GUID will be 
placed in the database. This removes the 
requirement for some type of synchronization 
between your directories. And if you do not 
ink ZENworks Configuration Management 
with any directory, you will have only device- 
based ZENworks features. Because the 
database is the source of all information, you 
must take special care in where the database is 
ocated and how it is maintained. The data- 
base will need to be regularly backed up, and 
for high-availability you might need to consid- 
er a clustered-server system. Think of 
ZENworks Configuration Management as a 
type of Web server farm system that has mul- 
tiple back-end servers working with a single 
database with agents communicating over 
network connections. 

The next ZENworks Configuration 
Management release will introduce satellite 
servers to place portions of the configuration, 
content and other services on local servers 
closer to your managed devices. 

Once you have determined the layout for 
your ZENworks Configuration Management 
system and deployed a back-end service, it’s 


time to copy content from your existing 
ZENworks Suite system into ZENworks 
Configuration Management. Note: Novell 
Consulting Services are well trained on both 
traditional ZENworks and the new 
ZENworks Configuration Management sys- 
tem and can help you plan, deploy and migrate 
to the new solution. 


Migrate Existing Content 
You might have many types of ZENworks 
content scattered throughout your 
eDirectory tree, including workstation and 
handheld objects, policy packages and con- 
tent objects known as Application Objects. 
This information can represent a significant 
amount of invested effort in the applications, 
policies and content you deliver to your 
desktops. The ZENworks engineering team 
recognized this effort and has written tools 
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to move as much of this information as possible over to ZENworks 
Configuration Management. 

The primary tool for migration is the Novell ZENworks Migration 
Console and is part of the ZENworks Configuration Management 
installation. This tool simultaneously connects to your eDirectory 
where your ZENworks Suite information resides and the ZENworks 
Configuration Management system where the information is going. 
Once the tool is connected to these two systems, run through the pre- 
defined steps and choose the content you want the migration tool to 
copy. Your existing ZENworks Suite information will remain 
untouched, thereby allowing your current system to continue to serv- 
ice your managed devices without any disruption while you introduce 
ZENworks Configuration Management into your environment. 

The ZENworks Configuration Management migration tool can 
migrate information from ZENworks for Desktops 4.01, ZENworks 
Desktop Management 6.5 and ZENworks 7 Suite systems. The follow- 
ing sections describe the basic steps of the migration tool. 


Installing and Launching the Migration Tool 

First, install the Migration Tool. The tool, ZEN Migration.exe, is locat- 
ed at Attp//-ZCM Primary Server>/zenworks-downloady/tools or on the 
Primary Server in the c:\Novell\ZE Nworks\install\downloads\ tools 
directory. The ZENMigration.exe tool must be installed on a Windows 
server or workstation. Once you have installed the migration tool, 
launch and provide authentication information to the eDirectory tree 
and the local ZENworks Configuration Management zone. (Sit F1G- 
ure |.) Note: Although the migration tool accesses eDirectory, it does 
not require a Novell client be installed. 


Migrating Application Objects 

Next, bring over the relevant application objects you want from your 
existing eDirectory system. Using the migration tool, browse to the 
eDirectory system and drag and drop the application objects into the 


right pane to migrate them to the zone. Drag over any number of 
application objects or containers from any location into the right 
pane. When a container is dragged, all objects of the type to migrate 
(applications, in this case) in the container and subcontainers will be 
migrated, (SEE FIGURE 2.) 

The new ZENworks Configuration Management system no longer 
supports the AOT/AXT format. Therefore, your applications must 
already be in MSI format or the migration tool will convert them. 

Once you have selected the desired application objects, press the 
Migrate Now button. The tool will collect the application object 
information and files and create a corresponding bundle in the new 
ZENworks Configuration Management zone. The tool will automat- 
ically show the status as it migrates each object. 


Migrating Other Objects 

Click on the additional steps: Imaging, Policies, Workstations and 
Associations to migrate the additional objects over to your new system. 
If you are not copying over specific objects, such as images, skip that 
step. With the migration tool, you can bring over your GPO (Group 
Policy Objects) that you created as well as other policies and images, so 
you don’t have to start over with your new system. (spp ricurr 3.) 
Remember that no objects in eDirectory are disturbed, and you can 
migrate as many times as you want. You can remove the objects created 
in ZENworks Configuration Management and migrate them again, so 
don’t worry if you want to change things and try again. 


Complete Copying ZENworks Suite Content 
Once you have copied your ZENworks Suite content into the new 
system, and you are satisfied with the migration, you can begin 
deploying devices to receive this content. 

Next, ensure that all is working properly prior to rolling out to the 
larger organization. Again, if you change your mind on what or how 
you migrated, just go into the ZENworks Configuration Management 


Figure 3 With the migration tool, you can bring over your GPO (Group 
PolicyObjects) that you created as well as other policies and images, so you 
dont have to start over with your new system. 
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Figure 4 From the Web console, you can approve and assign patches to be 
applied to the managed devices, Then the required patches will be delivered and 
installed on the device 


Gio > DNitenivattonr sete cnirewotaioinder ohepstennentty SSS 


‘iat -&® IN Novel zetwrorks Conta Center 


Vudnerabitity Mame 2 
Signature Name 1174509980734 
MS 822426 Characters are dropped in Notepad on Windows 2000 


27825 Windows cannot unload registry class file on Windows 2009 


12153 UsrClasses hive does not unload during logoff 


Vulnerability Tasks 
Deploy Remadiation 
Export vulnerabilities 
View volerabiity 


8 Packets are dropped when using raw sockets and the IBPROTO_ICMP protocol flag in Win 2K 


jodate package that includes Background Intelligent Transfer Service (BITS) version 2.0 and WinHTTP 5.1 


2 The RPC E_ DISCONNECTED 1 call a method for a remote DCOM or COM* object Critical 


Frequently Used 1 §502-032-0320920: Cumulative Patch for Windows Media Player 6.4 Criticat 


F WW502-050 329115 Certificate Validation Flaw Could Enable Identity Spoofing Critical, 


I  44502.059 324036 (FPSE2000) Buffer Overrun in SmartHTML Interpreter Criticat 
«yf t-1900867 


Vulnerability information 
Property Heme 
Ko items avallable 


42 seconp QUARTER/2007 


For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect 


or call 1-800-596-1700. 


zone and remove the items you don’t like and 


migrate them again. 


Migrate Devices to New System 
Now that you have your initial ZENworks 
Configuration Management system in place, 
and you have migrated over some of your 
content, it’s time to introduce devices into 
the zone and test the delivery of your policies 
and content to those pilot devices. By having 
a test pilot, you will learn what you like and 
don’t like and possibly redesign a portion of 
your system, so everything is ready when you 
roll out to a larger audience. 

Select the devices you wish to introduce as 
pilots into your zone. Deploy or install the 
agent on those devices and have them register 
to the ZENworks Configuration Management 
zone. You can place the agent on these devices 
either through ZENworks Configuration 
Management deployment capabilities, manual 
installation, inclusion of the agent in an image 
or using your traditional ZENworks Suite sys 
tem. When the ZENworks Configuration 
Management agent is installed on a device, it 
will remove the previous ZENworks Suite 
agent and it will begin receiving management 
directions from the new ZENworks 
Configuration Management zone. 

Test your pilot well and make sure all is 
working as desired. Once you are comfort 
able with the system, begin rolling out 
ZENworks Configuration Management 
agents to your other devices. 


Migrate Patch Management 
Because traditional ZENworks 
Management is now fully integrated into 
ZENworks Configuration Management, a 
Patch Management agent module will be 


Patch 


delivered to the managed devices. Each pri 
mary server in your management zone can be 
a patch management server that retrieves 
patches from the network and delivers them 
to your managed devices. 

When the ZENworks Configuration 
Management agent is installed on your 
devices, it does not remove any previously 
existing ZENworks Patch Management 
agent. There should be no conflict between 
the two patching agents and each should 
k independently allowing you to deter 


wor 
mine when you switch over to the new 
integrated patch management solution. 

The patch management services on the pri 
mary servers will communicate securely back 
through the Internet to the patch servers and 
retrieve the patch information and content 
for delivery to managed devices serviced by 
that primary server. Within the same 


ZENworks Control Center, browser-based 
ZENworks Configuration Management con 
sole, you will see your vulnerabilities that have 
been discovered in your system and which 
devices need which patch. From this same 
Web console, you can approve and assign 
patches to be applied to the managed devices. 
Then the required patches will be delivered 
and installed on the device. (sri riGuRre +.) 
When you are ready to have ZENworks 
Configuration Management handle your 
patches, the traditional ZENworks Patch 
Management agent can be uninstalled 
either manually or through scripting com 
mands delivered through ZENworks 
Configuration Management. 


Decommission ZENworks Suite 
Your ZENworks Suite system will continue to 
function independently from the ZENworks 
Configuration Management. After you 
migrate all of your managed devices over to the 
new ZENworks Configuration Management 
zone and aren't managing any devices or con 
tent through your traditional ZENworks suite, 
consider retiring your ZENworks traditional 
services. But before you do, make sure you are 
comfortable removing the information, 
because it won't be available as a source for 
migration or to deliver services. 


Conclusion 
Its three-tiered architecture provides greater 
flexibility and manageability. And with its 
LDAP connection to identity sources, 
ZENworks Configuration Management can 
deliver the same capabilities and features if 
youre using Active Directory or eDirectory. 
Novell ZENworks engineering provides 
migration tools that allow you to retain the 
content and policies you have in your existing 
ZENworks Suite systems and bring the con 
tent easily over into the new system. 

Come on over to ZENworks Configuration 


Management and experience the new archi 
tecture and new features that will give you 
even more manageability of your devices. 
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GRINDING 
DOWN 
COSTS 


SUSE Linux Enterprise Desktop 10 SP1: 
The Anti-Vista 
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“If you can use Windows, you can use SUSE Linux Enterprise Desktop.” 
— Gary Chen, August 30, 2006, DecisionNote 


he open source development model lowers barriers to 
innovation. To IT administrators and end users alike this means 
more options and functionality at a fraction of the cost of propri- 
etary software. SUSE Linux Enterprise Desktop to is an excellent 
example of the speed and quality of innovation that Novell and 
the open source community deliver. 

After a year of awards and successes with the likes of InfoWorld! 
and Peugeot’, SUSE Linux Enterprise Desktop 10 continues to forge 
ahead, and the release of Service Pack 1 (SP1) does not disappoint. 
SP1 delivers a host of new capabilities designed to enhance usability, 
strengthen security and improve productivity. 

To frame the conversation, Vista need not be the next de facto 
standard in your organization or on your personal desktop. At 
roughly one tenth of the cost, SUSE Linux Enterprise Desktop 10 
offers a compelling, cost-effective alternative. In this article we'll 
explore what’s new in Service Pack 1 and discuss which users are 
ripe to move to SUSE Linux Enterprise Desktop. 


> Usability 

Novell continues to enhance the desktop experience with an array of 
new usability-focused features. Service Pack 1 sports a refined main 
menu that requires fewer clicks to access common resources. (S11 116 
cnt |.) A menu editor called Alacarte is also included, and allows you 
to easily customize system menus to display the appropriate programs 
and resources to your end users. 

Network Manager, an applet to choose wireless and wired networks, 
now has a tool that lets you prioritize and edit the order in which your 
networks are chosen. Another enhancement is the international clock 
applet, which lets you display a number of time zones with a single click 
in the system tray—very handy for scheduling meetings with cowork- 
ers in different parts of the globe. (sith picurr 2.) 

Compiz, the compositing engine behind the desktop effects, has a 
number of performance enhancements in SPr. Users will notice smooth 
animations and support for more graphics cards. Compiz also now sup- 
ports dual-head monitor configurations (both cloning and xinerama). 


omewhere fast? The enhanced main menu in SP1 
to favorite and recent programs, recent documents 
on your local machine and on the network 
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Compare the functionality of Compiz in SUSE Linux Enterprise 
Desktop to the equivalent in Vista, Aero. Both include window anima- 
tions, translucency and live thumbnails; however, Compiz 
differentiates itself through features such as the Window Picker, which 
takes all your open, cluttered applications and neatly tiles them across 
the current desktop, allowing you to view all applications simultane- 
ously and choose the one you need to use. (set PiU ar 3.) Vista’s close 
cousin to Window Picker is Windows Flip 3D, which shows all open 
windows in a rolodex fashion and allows sequential access to open 
applications, similar to ALT+TAB functionality. (ser ricure +.) 

Of course the hallmark of Compiz is the desktop cube, a feature that 
allows tasks to be logically separated on different faces of the cube and 
provides more desktop real estate from a single monitor. Vista has no 
equivalent to the desktop cube. (ser rance |.) 


> Virtualization 

Integrated virtualization in a desktop OS? Yes, SUSE Linux 
Enterprise Desktop 10 SP1 includes support for Xen virtualization 
out of the box. Xen allows multiple operating systems to run as guests 
on top of a single SUSE Linux Enterprise Desktop 10 host. 

Given enough system memory, any machine that is capable of 
running SUSE Linux Enterprise Desktop 10 natively can also run 
Xen-optimized SUSE Linux Enterprise Desktop and SUSE Linux 
Enterprise Server 10 guests virtually. Desktops and laptops with 
more recent processors from Intel and AMD that include hardware 
virtualization extensions (Intel VT and AMD-V) can also run 
unmodified operating systems including: Windows Server 2003 Ra, 
Windows Server 2000, Windows XP, Vista, and Red Hat Enterprise 
Linux 4/5. (SEE FIGURE 5.) 

Technology aside, a subscription to SUSE Linux Enterprise 
Desktop or Server 10 allows you and your users to run as many vir- 
tualized instances of SUSE Linux Enterprise Desktop or SUSE 
Linux Enterprise Server 10 as your hardware will support without 


incurring any additional subscription costs. In other words, you 
need only purchase a SUSE Linux Enterprise Desktop or Server 
subscription for the physical machine or the first virtual instance 
on that machine (in the case of VMWare ESX or Microsoft 
Virtual Server). 

Virtualization in Vista is offered via Virtual PC 2007 as an available 
download after install. Additional virtual instances of Vista or XP 
running in Virtual PC must be licensed individually. Only Microsoft 
customers with access to Windows Vista Enterprise (available 
through software insurance) or those with MSDN subscriptions are 
entitled to run multiple virtual instances of Vista without incurring 
additional licensing costs.’ 

VMWare virtualizaion products are also supported on SUSE 
Linux Enterprise Desktop (as a host and a guest), including VMWare 
Worksation, Server and VMPlayer. 


> Security and Management 

Service Pack 1 includes home directory and partition encryption, an 
option that allows you and your users to encrypt the entire OS or 
specific user data. Similar functionality is also available in Vista, 
albeit only in the Enterprise (software assurance required) and 
Ultimate editions. 

New management and security-geared features are also available in 
the SPr release. A desktop lockdown tool called Sabayon gives you 
granular control over what desktop elements are available to your end 
users. For example, you can easily lock the task bar and restrict menu 
and system access with this tool. 

SUSE Linux Enterprise Desktop ro SP1 features tight integration 
with ZENworks Linux Management. In addition to mirroring OS 
patches and managing software distribution, ZENworks Linux 
Management also includes desktop lockdown policies that you can 
apply to device groups, keeping desktop security policies uniform 
across your organization. 


Table 1 


Functionality 


_ SUSE Linux Enterprise Desktop 


Windows Vista 


Usability-tested user interface 


"Design first" methodology 


Extensively tested interface 


Integrated search Beagle 


Vista Integrated Search 


Complete Web browsing Firefox 


Internet Explorer 


Multimedia support 


“Totem 
*Helix Banshee 
*F-Spot 


-RealPlayer from RealNetworks 
*Macromedia Flash Player 


Microsoft MediaPlayer 
*Microsoft Photo Editor 
‘Windows Movie Maker 
*RealPlayer from RealNetworks 


3-D rendered interface 3-D desktop effects 


Productivity applications 
“Gaim 
‘Novell iFolder 


‘OpenOffice.org with Visual Basic support 


Aero Glass 


No Office suite included. The standard choice 
is Microsoft Office 2007 at an added cost. 


*Novell Evolution 
‘Tomboy 


Collaborative applications 


‘Outlook Express 
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SUSE Linux Enterprise Desktop 10 supports authentication to a num- 
ber of credential stores including Active Directory. SP1 adds support 
for AD offline authentication, enabling users to authenticate to local 
machines when disconnected from the network. 


> Application Updates 

SUSE Linux Enterprise Desktop 10 SP1 is packed with updates to your 
favorite productivity and multimedia applications. Here’s the rundown 
on what's new: 


OpenOffice.org 2.1 Novell Edition 

OpenOffice.org Novell Edition is installed as part of SUSE Linux 
Enterprise Desktop. It contains all the goodness from the community 
plus support for Visual Basic macros and additional fonts licensed from 
AGFA to maintain document fidelity (for example, pagination, spacing 
and kerning) between office suites. 

SUSE Linux Enterprise Desktop to SPr includes the latest 
enhancements from OpenOffice.org 2.1. It features embedded video 
content in documents and dual monitor support to display presenta- 
tion slides and notes simultaneously. As part of the interoperability 
agreement with Microsoft, the Novell Edition also supports MS 
Word 2007 OpenXML documents. 

Contrast SUSE Linux Enterprise Desktop’s support for Microsoft 
Office file formats with that of Windows XP or Vista which both 
require the purchase of Microsoft Office in addition to the operating 
system. Out of the box with SUSE Linux Enterprise Desktop 10 SP1, 
the Novell Edition of OpenOffice.org supports past Microsoft Office 
formats as well as the most recent MS Word 2007 XML format 
(docx). Support is also anticipated for OpenXML Excel and 
PowerPoint (xlsx, pptx) files later this year. 

A migration to OpenOffice.org isn’t an all-or-nothing proposition. 
Organizations can leverage the office suite’s support for popular formats, 
such as Microsoft Office or WordPerfect, to allow easy collaboration and 
exchange of documents with those still using other formats. (For a quick 
guide on how to change the default file format of OpenOffice.org see: 


Getting in Touch With Your Inner Geek, Fourth Quarter2006 issue, 
novell. com/connectionmagazine/2006/q4/fine_ print html.) 


Firefox 2.0 
Mozilla Firefox, an open source success story in its own right, has also 
been updated in SUSE Linux Enterprise Desktop 10 SP1. Firefox 2.0 
includes a host of new features including refinements in tabbed brows- 
ing, session resume, in-line spell checking and phishing protection. 
Adobe Flash 9 is also delivered as part of SP1, enhancing the Firefox 
experience for Web sites that leverage the latest Flash technology. 
Firefox in SUSE Linux Enterprise Desktop to also includes the 
Beagle Indexer Add on. Beagle Indexer integrates with desktop search 
to provide fast access to content from past page views. You can config- 
ure Beagle to exclude indexing of specific Web sites and secure URLs. 


Helix Banshee 0.12.0 
A full-featured audio player and library application, Helix Banshee, 
receives a bevy of new features in SPr including support for the latest 
iPod models. Podcatching and Internet Radia: are now integrated as 
part of the player. It now includes a mini mode display plugin, which 
takes up less of your precious desktop real estate. I think the coolest 
update is the music recommendation plugin that displays related bands 
and artists as you're listening to tr: a in Deahee (SEE FIGURE 6.) 

Of course, Banshee deftly handles CD ripping and burning, a variety 
of audio codecs such as MP3, OGG, AAC and FLAC; and easy music 


tagging and cover art downloading. 
Oo oO 


F-Spot 0.3.5 
F-spot is a feature-rich, photo management application that’s great 
for cataloging pictures and publishing Web Albums. Version 0.3.5 
includes new editing effects such as soft focus, straighten and autocol- 
Slideshows can now leverage OpenGL extensions in modern 
graphics cards. You can now export Web Albums to Picasa and auto- 
matically scale pictures when sending them through e-mail. (Flickr 
support was there previously.) 
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“We found SUSE Linux Enterprise Desktop to be well supported and extremely 
user friendly. Novell’s commitment to open source and close collaboration with 
leading hardware and application vendors to ensure the support of our IT 
requirements were key factors in our choice. In addition, SUSE Linux Enterprise 
Desktop integrates seamlessly in our Windows-based infrastructure.” * 
— PSA Peugeot Citroén IT Representative 


Ekiga 2.0.5 ate 
New to SUSE Linux Enterprise Desktop 10 SPr is Ekiga, an open Additional Resources 
source VoIP and video application. Ekiga uses both the H.323 video and For an in-depth view of how SUSE Linux Enterprise Desktop 
SIP audio protocols. It supports a number of audio and video codecs stacks up against Vista, check out the following URLs: 
and is interoperable with other SIP-compliant clients with support also - SUSE Linux Enterprise Desktop 10, the compelling alternative to 
coming for Microsoft NetMeeting. Vista: novell.com/products/desktop/compare-to-vista.html 
* The SUSE Linux Enterprise Desktop 10 landing page: 
> Cost novell.com/products/desktop 
Ata list price of US$50, SUSE Linux Enterprise Desktop is the com- * SUSE Linux Enterprise Desktop SP1 free evaluation download: 
pelling alternative to Vista. Pricing for Windows Vista is not only more novell.com/products/desktop/eval.htm! 
complex, but significantly higher. (srr TABLE 2.) = 


Add to that the cost of an office suite and the gap in price becomes 


even more striking. SUSE Linux Enterprise Desktop bundles Let’s Compare 


OpenOffice.org at no additional cost. As mentioned above, Potential hardware costs should also be considered as part of the 
OpenOffice.org has all components required in a modern office suite equation. A new hardware purchase will almost certainly be required 
including: word processing, spreadsheet, presentation, drawing and to run many of Vista’s new features (such as Aero Glass). If you've 
database applications. Outstanding compatibility with Microsoft file not upgraded hardware in the last year, you might need new hard- 
formats lets you edit and save documents to Microsoft Office formats ware just to run Vista. 


or the open standard OpenOffice.org formats. 


Table 2 
SUSE Linux Enterprise Windows Vista Business Windows Vista Ultimate 
Desktop 10 

License / Subscription Fee US$50 US$299 US$399 

Maintenance (per year) ncluded in subscription fee US$87 (29% of license) US$116 (29% of license) 

Total (one year) US$50 US$386 US$515 

Total (three years) US$125 US$559 US$746 

Pricing Information: * novell.com/products/desktop/howtobuy. html 


+ microsoft.com/windowsvista/getready/editions/business.Mspx 
+ microsoft.com/windowsvista/getready/editions/ultimate.mspx 
+ microsoft.com/uk/licensing/faq/default.mspx 
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“SUSE Linux Enterprise Desktop gives business users new reason to consider 


Linux for Enterprise Desktops.” 
— InfoWorld, June 2006 


Microsoft Office 2007 Professional has a list price of US$499 per 
user, while Microsoft Office 2007 Ultimate is a jaw-dropping 
US$679 per user. When you add the costs of Windows Vista Business 
and Microsoft Office 2007 Professional, it’s nearly US$800 per user. 
The cost of Windows Vista Ultimate and Microsoft Office 2007 
Ultimate reaches US$1,078. SUSE Linux Enterprise Desktop to 
delivers 90 percent of the functionality of Vista and Office at less 
than 10 percent the cost. 


> Who’s Ready? 

Roughly 800 million desktop workers fall into one of three categories: 
Transactional: ‘Those who use one or more applications developed 
in-house or delivered by a third-party application vendor. They 
might need a browser to access applications, but they are usually 
not given e-mail access or productivity tools. 

Basic Office: Those who need a browser, e-mail access and 
productivity tools. 


Advanced Basic Office: Those who need a browser, e-mail access 
and productivity tools, and who also use various in-house 
developed and third-party applications. It is important that they 
are able to connect to people and interoperate with the systems in 
their organization. 


Almost all organizations have users in cach category, some large enter 
prises and government agencies have thousands of desktop users in each 
category. Most transactional and basic office desktop users are ready to 
move to SUSE Linux Enterprise Desktop. Given application support, 
many advanced basic office users are ready to make the move as well. 

Novell does not position SUSE Linux Enterprise Desktop as a 
wholesale replacement for Windows XP or Vista across the enter- 
prise. Rather, it is targeted firmly at the transactional, basic office 
and advanced basic office users where organizations can best 
leverage the significantly lower total cost of ownership of SUSE 
Linux Enterprise Desktop. 


Figure 5 Want access lo multiple operating systems and applications from a 
gle machine? Xen virtualization is the answer, integrated in SUSE Linux Enterprise 
Desktop 10 SP1 
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For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect 


or call 1-800-596-1700. 


> Application Support 

Many applications run natively on Linux, 
such as Real Player, Citrix client and Acrobat 
Reader. Other applications available from the 
open source community offer outstanding 
compatibility with file formats and protocols 
such as OpenOffice.org’s support for 
Microsoft Office file formats and Gaim 
instant messenger’s support for AOL Instant 
Messenger, Google Talk and others. 

For Windows applications that are not yet 
supported on Linux or for those where there 
is not a suitable equivalent, running a Linux 
desktop is still possible and may still offer 
better total cost of ownership over a 
Windows desktop. Let’s a explore what 
options are available to organizations and 
end users to run Windows applications on 
SUSE Linux Enterprise Desktop. 


Emulation 

CodeWeavers is the primary contributor to 
the Wine project, a technology that emu- 
lates the Windows API on Linux and Unix 
systems. Leveraging Wine, CodeWeavers 
offers a product called CrossOver Office 
that provides tools to install and run 
Windows applications on — Linux. 
Advantages of Wine and CrossOver Office 
include local application execution and no 
additional network infrastructure require- 
ments. Not all Windows applications are 


supported by CrossOver Office (or Wine); 


however, the supported application list 
continues to grow as CodeWeavers con- 
tributes to the Wine project and regularly 
certifies new applications. 


Application Publishing 
A variety of software vendors offer applica 
tion publishing technology, including Citrix, 
Ericom and soon Microsoft (coming in the 
Longhorn Server release). All publishing 
solutions leverage Windows Terminal 
Services. They improve on the experience of 
presenting a full remote desktop (which 
Windows Terminal Services offers natively) 
by presenting only the required application in 
the context of the local desktop. To the end 
user, a published application appears as if it is 
running locally. Support is guaranteed 
because the application is running in its native 
environment and centralized administration. 
SUSE Linux Enterprise Desktop includes a 
number of terminal services clients as well, 
including Citrix, Ericom and rdesktop (RDP). 
Application publishing does require additional 
server infrastructure and carries it’s own licens 
ing costs that should be evaluated. (For a more 
in-depth discussion of application publishing 
and terminal services see Wait Loss, First 
Quarter 2007 issue, novell.com/connection 
magazine/2007/q1/tech_talk_11.himl.) 


Virtualization 
In some cases full OS virtualization might 


be the best solution for a target applica- 
tion. Virtualization, leveraging VMWare 
or Xen, allows you to run multiple guest 
operating systems on top of a single host 
OS. The classic scenario is running 
Windows XP virtualized on top of Linux. 
This gives users access to the full operating 
system and all of its features along with the 
target application. Virtualization will not 
save you any money in licensing costs, but 
it will give you access to all of your applica- 
tions at the same time, whether Windows 
or Linux, from a_ single machine. 
Virtualization may be the best option for 
IT Administrators and power users. 


> Make the Move 

SUSE Linux Enterprise Desktop is loaded 
with the applications and features you need 
to deploy a desktop operating system with 
confidence, integrating seamlessly with 
Windows and Unix environments. Service 
Pack 1 continues the SUSE tradition of 
innovation with enhanced usability, robust 
security and native virtualization. 

Designed to meet the needs of a broad 
audience of desktop users, SUSE Linux 
Enterprise Desktop SP1 packs real total 
costofownership savings and flexibility not 
available from a Windows platform. Your 
upgrade path need not be to Vista. It’s time 
to take a closer look at SUSE Linux on the 
desktop —are you ready? N 


Table 3 

— _SLED 10 Compiz Ready : Windows Vista Premium Ready 
Processor - 1 GHz 32-bit (x86) or 64-bit (x64) processor 1 GHz 32-bit (x86) or 64-bit (x64) processor 
System Memory 7 512 MB _ 1 GB 
GPU Most 3D capable graphics cards sold in the Windows Aero Capable DirectX 9-class 


last three years from the following vendors: 
‘Intel 
*NVidia 
*AT| 
For a complete list of known supported 
graphics cards, see: (ii) 


GPU that supports: 

*A WDDM Driver 

Pixel Shader 2.0 in hardware 
*32 bits per pixel 


Graphics Memory 32 MB 128 MB 
Hard Disk Drive _ Ss 10 GB 40 GB 
Hard Disk Drive Free Space >2.5 GB >15 GB 


Optical Drive 


1 InfoWorld Honors SUSE Linux Enterprise Desktop with 
2007 Technology of the Year Award, 
(novell.com/news/press/infoworld_honors_suse_linux 
enterprise_desktop_with_2007_technology_of the year_ 
award) 

2 PSA Peugeot Citroén Chooses SUSE Linux Enterprise 
Desktop from Novell, (novell.com/peugeot) 


DVD-ROM or CD-ROM Drive 


3 microsoft.com/licensing/sa/benefits/vista.mspx 
-novell.com/peugeot 

4 “Novell Hits a Desktop Home Run With SUSE Linux 
Enterprise Desktop 10"; Infoworld; June 12, 2006; 
infoworld.com/article/06/06/16/79142_25TCsled_1.html. 


DVD-ROM Drive 


5 http://technet.microsoft.com/en- 
us/windowsvista/aa905075.aspx 
novell.com/products/desktop/techspecs.htm! 
-http://en.opensuse.org/Xgl#Hardware_Advisory 
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by Steve Whitehouse 


A Deep Look into How Novell Clusters Its GroupWise Servers 


5? sec OND QUARTER/ 2007 


Virtualization—the ability to host multiple virtual servers running 
different operating systems on the same hardware 


couple of years ago, Novell made a big invest- 
ment in GroupWise 6.5 by porting it to the Linux platform. With 
GroupWise 7 SP2, support is being added for Xen virtualization and 
Heartbeat2 clustering technologies. These changes are opening up a 
world of new technology to GroupWise system administrators that 
allow GroupWise messaging systems to be deployed in increasingly 
robust and flexible configurations. 

GroupWise administrators have to deal with storage management 
issues caused by growing mailbox sizes and pressures to consolidate 
servers in crowded data centers cluttered with increasing numbers of 
servers. Linux technologies available in SUSE Linux Enterprise 
Server help GroupWise administrators address these challenges. 

One of the great technologies available to GroupWise administra- 
tors that deploy Group Wise on SUSE Linux Enterprise Server 10 or 
Open Enterprise Server 2 is Xen virtualization. Virtualization—the 
ability to host multiple virtual servers running different operating sys- 


Xen Memory Management 


One of the great things about Xen is the ability to control how 
many resources are used by domain 0 and how many are avail- 
able for virtual servers. When Xen starts, it automatically 
allocates all available memory to the domain 0 server. Then, as 
virtual servers need memory, Xen frees memory from domain 0 
and allocates it to other Xen domains. Using the Virtual Machine 
Manager you can set how much memory to allocate to a virtual 
server when it starts and reduce the amount of memory allocated 
to a running virtual server. 


To specify how much memory is available to Xen domain 0, you must 
modify the kernel boot parameters in /boot/grub/menu.lst. Add the 
parameter dom(_mem=512m to the kernel command for booting the 
Xen kernel, as follows, to allocate 512 megabytes of memory to 
domain 0. This will force domain 0 to use no more than 512 
megabytes of memory. 21 


boot/xen.gz dom0_mem=512m 


You can also specify the minimum amount of memory that domain 0 
can have or configure domain 0 so it will never release memory to 
running virtual servers. 


Modify /etc/xen/xend-config.sxp as follows: 
To set the minimum memory level for domainO at 128 megabytes of 
memory: (dom-min-mem 128) 


To keep domain 0 at a fixed amount of memory (Must be used with 
dom0_mem= parameter): (dom-min-mem 0) 
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tems on the same hardware —is a term becoming increasingly familiar 
to IT administrators. Full virtualization basically supports any oper- 
ating system out of the box. 

Xen paravirtualization requires that the operating system have sup- 
port added for Xen virtual device drivers. Paravirtualization is a high 
performance approach to virtualization. It is different from full virtual- 
ization in that it requires the guest operating system to be modified to 
support paravirtualization. This creates an optimal virtual environment 
to minimize the overhead introduced by virtualization technology. 

Currently, SUSE Linux Enterprise Server 10 SP1 supports the fol- 
lowing operating systems in paravirtualized mode: 


+ SUSE Linux Enterprise Server to 
SUSE Linux Enterprise Server ro SP1 
Open Enterprise Server 2 Linux 
Open Enterprise Server 2 NetWare 


When coupled with clustering software, such as Heartbeat2, Xen vir- 
tual machines can be configured as cluster resources that can fail over 
to other physical servers to provide a high availability solution as well. 
Additionally, the use of management tools, such as Novell ZENworks 
Orchestration Server, allow virtual servers to be managed by policy. 

For example, ZENworks Orchestration Server lets you migrate 
virtual servers in real-time from one physical server to another 
when certain conditions are met, such as CPU utilization exceeding 
a defined limit. 

Deploying Group Wise in virtual servers using Xen allows multiple 
GroupWise post offices to be hosted on the same physical server 
while controlling resources provided to each post office. This 
decreases the number of servers needed to host a GroupWise system 
and thus effectively speeds consolidation of GroupWise post offices. 

As servers have increased in performance ability over time, the rel- 
ative cost of hardware has decreased while Group Wise administrators 
generally continue to run one GroupWise post office per server. 
Combining Group Wise post offices requires administrators to move 
individual user mailboxes from one post office to another, a potential- 
ly time-consuming task for large numbers of users. 

With Xen virtualization technology, you can migrate 
GroupWise post offices easily to multiple virtual servers running 
on the same physical server using the GroupWise Server Migration 
Utility, eliminating the need to move individual user accounts to a 
common post office. 

In this article, | will discuss the background information necessary 
to preparing Xen virtual servers to host GroupWise. The process 
includes the following: 


1. providing a storage solution for the GroupWise data 

2. installing SUSE Linux Enterprise Server 10 SP1 or Open 
Enterprise Server 2 for Linux 

3. configuring the server and booting it with the Xen kernel 

4. creating, configuring and managing a Xen virtual server 

5. migrating to or installing Group Wise in the Xen virtual server. 


In a future article, I will address how to use Heartbeat 2 to create a 
high availability GroupWise Xen solution using clustering. 


> Data Storage Considerations 

When considering how to implement Group Wise in a virtual serv- 
er environment, give careful consideration to data storage. Xen 
virtual servers can host storage ina variety of ways. They can store 
data internally by creating file partitions inside the virtual server. 
Any data stored internally will be lost if the virtual server image 
file is corrupted or damaged. Storing data inside virtual servers is 
not recommended! 

They can also access storage in the same way as any other Linux 
server by mounting them as file systems from direct attached storage, 
from Fibre Channel SANs or using protocols such as iSCSI. iSCSI is 
a relatively inexpensive SAN solution that performs quite well when 
properly configured and is much less expensive than Fibre Channel 
SAN solutions. If using local direct attached storage, then you won't 
be able to migrate Xen virtual servers to other physical servers, but 
can use them to host multiple GroupWise post offices on the same 
hardware without fail over capabilities. 

When using shared storage solutions such as iSCSI or Fibre 
Channel SANs, you can obtain the maximum benefits of virtualiza- 
tion technology. Configuration of the virtual server can be complex or 
simple depending on the solution you choose. If using iSCSI to con- 
nect to an iSCSI target, configuration is straightforward. If 
connecting to local or SAN disk storage, the Xen virtual server con- 


figuration will need to be modified to allow the Xen virtual server to 
access the disk device. 

Xen virtual servers are typically created as sparse files of 4 GB. 
Back these files up periodically because if they are corrupted for some 
reason, the virtual server will no longer boot. Planning disk space 
allowing for copies of the virtual server image files is an important 
part of disk storage planning. Provide disk space on a separate parti- 
tion to store a copy of all your virtual server image files. 


> Installing and Configuring the Xen Domain Server 
You must select and install a group of software packages labeled as 
Xen Virtual Machine Host Server to a SUSE Linux Enterprise Server 
10 or SP 1 server to enable the server to function as a Xen domain. 
To install Xen when installing SUSE Linux Enterprise Server 10 or 
SPx, add Xen Virtual Machine Host Server from the software selec- 
tions to the server software being installed. If your server is already 
installed with SUSE Linux Enterprise Server 10 or SP1, launch YaST 
and open the Software Management module. Under the Filter list 
choose Patterns and then select the check box for Xen Virtual 
Machine Host Server. 


> Booting into the Xen Kernel 
Xen virtual servers can only be launched inside a server running the 
Xen kernel. Xen architecture is beyond the scope of this article; how 
ever, many good articles are available on novell.com that describe it. A 
server running the Xen kernel is referred to as domain o and Xen vir 
tual servers running in domain o are referred to as Xen domains. 
After installing the Xen packages, ensure that the network is con- 
figured properly with a static IP address before rebooting into the 
Xen kernel. You should use the Boot Loader module in YaST to set 
the Xen kernel image as the default boot loader, so whenever the serv- 
er is rebooted it will automatically boot into the Xen kernel, 
otherwise you can’t run Xen virtual servers. 
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> Creating Xen Virtual Servers 

Xen contains many powerful features allowing a variety of complex 
virtual networking and virtual storage configurations. I'll explain a 
simple configuration that allows a GroupWise system to be hosted in 
Xen using either a disk device or iSCSI. Once booted into the Xen 
kernel, use the YaST modules for Xen virtual machines to create and 
manage virtual machines. 

In SUSE Linux Enterprise Server 10 SP1, these modules are locat- 
ed under the Other page. (srr rice: |.) The first time you use the 
Xen modules, you must install the Xen management tools. Launch the 
Install Hypervisor and Tools module to do so. Next, use the Create 
Virtual Machines module to create a virtual server. Use the “I need to 
install an operating system” option to create a SUSE Linux 
Enterprise Server 10 server. 

The Summary Screen allows you to change default configuration 
settings, such as the name of the server, the amount of memory and 
number of processors available to the virtual server. (Sei rit xy 2.) 
The Disks option in the Summary Screen also allows you to specify 
the location of the virtual Hard Disk server image file and its maxi- 
mum size. This file contains the virtual server you are installing. 

The Network Adapters dialog allows you to specify a MAC 
address if you want. If you'll have a large number of virtual servers 
on the same network segment, consider manually assigning the 
MAC addresses to avoid conflicts, otherwise leave the default set- 
ting of a randomly generated address. 

The installation source for the operating system is added in the 
Operating System Installation options dialog, (sey ¢icu ri 3.) In this 
section you either use a network URL or a disk image such as a CD or 
an ISO image of the installation files. You can add a disk device as the 
installation source by selecting Virtual Disk and browsing to the CD- 
ROM or DVD drive, or specifying the location of an [SO file. 

Once this is done, you can start the installation and create the 
virtual server. 

The installation process uses VNC remote administration technol- 
ogy to provide a GUI installation console and experience that is the 


same as installing SUSE Linux Enterprise Server onto a physical serv- 
er. You can control and modify installation options as you normally 
would during a SUSE Linux Enterprise Server install. One minor dif- 
ference is that the mouse is driven by the VNC process, so sometimes 
you may experience a double mouse cursor. 


> Managing and Configuring Xen Virtual Servers 

Once the virtual server is created, you can manage it from a graphical 
console using the YaST Virtual Machine Manager module. (51.1. | \«. 
unt -t) You can start and stop the virtual server and also modify some 
basic configuration parameters. Select a virtual machine in the 
Virtual Machine Manager and click on details to access controls to 
start, shutdown and pause a virtual server. 

Additionally, you can dynamically change the memory allocation and 
number of virtual processors from this control module. (si) 1 iG U ii >.) 
The Virtual Machine Manager also allows you to open a GUI console to 
a running virtual server using VNC Remote Administration. 

Xen also has powerful command line interface tools to perform all 
of these basic functions and more advanced functions as well. It is well 
worth the time to learn these commands. The main command is » 
and the most used options ae xm create, xm shutdown 
list,andxm console. Usexm creat pie xm shutdown to start 
and stop vay machines, 20 to display running virtual 
machines, and xm consol > to open a text console to a running vir- 
tual machine. (See Xen Command Line Tools for details.) 

A Xen virtual server consists of two basic parts: 

* avirtual Hard Disk or server image file 

a text configuration file. 


The configuration file contains the parameters Xen needs to launch 
the virtual server and configure its virtual hardware environment. 
Additionally, you can modify this file to permit access to disk devices. 
By default, the server image files are located in /etc/xen/images, 
which is a symbolic link to /var/lib/xen/images. The configuration 
files are located in /etc/xen/vm and can be modified manually. 
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For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect 


or call 1-800-596-1700. 


Note that Xen 3.0.4, which comes with SUSE Linux Enterprise 
Server 10 SP1, stores a copy of the configuration file in the xenstore 
database. You must import any changes that you manually make to a 
configuration file to the xenstore database using the command x 
delete to remove the original configuration and the command » 
new to import the new configuration. 

Back up these files to a separate disk partition for disaster recovery. 
Don’t copy the Xen virtual server image files while the virtual server 
is running, otherwise it will be in an inconsistent state. 


> Configuring Xen for Disk Access 

Many servers need access to data storage, as in the case of Group Wise. 
A virtual machine will need the ability to mount a data partition from 
an iSCSI partition, a local disk or from a SAN and should not store data 
in the virtual machine image itself. Access to iSCSI partitions is provid- 
ed by running an iSCSI initiator in the virtual server and configuring it 
using YaST, You control access to physical disks using optional parame- 
ters configured in the Xen virtual server configuration file. 

Virtual servers can only access physical disk devices if they are con- 
figured to do so. To grant access to a physical disk device, modify the 
disk parameter in the Xen configuration file. For example, change the 
default disk entry created by Xen from: 


by adding 


{ ‘file: /var/1lib yw 


images 


sdal,sdal,w to this parameter. For example, the following configura- 


tion will pass sda? to the Xen virtual server as sdb1 


ib/images/vm-gwi/dis. 


If you are using a SAN, there is a problem with using typical device 
names such as /dev/sda, /dev/sdb, etc. There is no uniform way to ensure 
that a disk device is presented with the same name on a different physi- 
cal server accessing the same SAN. For example, a SAN disk device 
might be named /dev/sdb on one server and /dev/sde on another. 

To work around this problem, the disk device can be referenced 
using a device ID. Linux uses a permanent identifier to map the disk 


device ID to a device name. The id’s of disk devices are listed in the 
/dev/disk/by-id/ directory. An example follows: 


Irwxrwxrwx 7 root root 9 2007-01-03 15:26 
3600805f300007140a5 1 0b029e4dc000e - > sda 
Irwxrwxrwx 7 root root 10 2007-01-03 16:44 
sesi-3600805f300007140a5 10b029e4dc000e-partt - sda! 
Irwxrwxrwx 7 root root 9 2007-01-03 15:26 


The actual disk partition ID can be used in the Xen virtual machine 
configuration file to enable access for the virtual machine to the disk 
partition. The configuration file needs to be modified as shown in the 
following examples. The first example shows how to grant access to an 
entire LUN as a whole disk, the second shows how to pass a partition 
of a LUN. Normally, only a LUN will be passed. 


# whole LUN 
# disk = [ ‘file:/var/lib/images/vm/disk 


| O,xvda, w 
/-3600805f300007f40a5 10b029e4dc000e, sdb, w' ] 


‘phy./dev/disk/by-id/s¢ 


Once the physical device is accessed from a virtual machine, it can be 
formatted and mounted inside the virtual server, as if it were physical- 
ly present on the server. 


> Now What? 

Once you have created a virtual server and have it running, you can now 
connect to the server via SSH and manage it and configure it as you would 
any Linux server. You can configure iSCSI to connect to data storage to 
store a GroupWise post office, or you can optionally configure Xen to 
mount a physical disk device on a SAN or on local disks as described pre- 
viously. You can then run the GroupWise Server Migration Utility to 
migrate a Group Wise post office or domain to the virtual server. 

You can also deploy Xen in a high availability solution using shared 
storage and clustering software. As I said, this will be addressed in a 
future article. So stay tuned. N 


Figure 5 You can dynamically change the memory allocation and number of virtu- 
al processors from this control module 


Virtual Machine View 


oo ° 
Pause — Shutdown 


| Overview | Hardware | 


CPUs 
How many virtual CPUs should this machine be allocated? 
Current allocation: 1 
Change allocation: + 
Maximum allocation: 1 
Total CPUs on host machine: 1 


Tip: For best performance, the number of virtual 
© CPUs should be less than (or equal to) the number of 
physical CPUs on the host system. 


Xen Command Line Tools 


Like most other Linux applications, Xen has a powerful command 
line interface. For a comprehensive list, use the man page, of 
course! The most useful commands are as follows: 


xm list 
This returns a list of running domains with information about their state and resource utilization. 


Name ID Mem VCPUs State Time(s) 
Domain-O 0 473 1 — 5158.0 
vm-4 4 512 1 -b—— 53.9 


The name of the domain is specified in the Xen configuration file, as well as memory and 
number of Virtual CPUs (VCPUs). Never configure a virtual server with more VCPUs than 
actual physical CPUs. 

xm create -c <config file> 

This command creates or starts a Xen virtual server and opens a text console to the server. 
(The -c option opens the console.) To exit the console window, press the CTRL + ] keys. 
xm console <domain name> 

This command opens a text console to the Xen virtual server, similar to the -c option 
when starting the domain. 

xm shutdown <domain name> 

This issues a shutdown command to the virtual server. 

xm destroy <domain name> 

This command terminates a domain immediately and is useful if a virtual server stops 
responding for some reason. 

xm top 

This provides resource monitoring in real time for running domains and is useful to 
see CPU utilization and other statistics. 
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by Cheryl Williams 


OP lEN, 


Last in a Nine-Part Series of How Novell Uses Open Source Tools Internally 


It has been more than three years now since the first 
announcement at BrainShare 2004 that Novell employees would 
begin the migration to Linux and the OpenOffice.org Office 
Productivity Suite. | remember at first when the announcement 
was made the uneasiness | felt moving to an unfamiliar open 
source product. How would I get my work done? How would | 
communicate with vendors and outside contacts? I was sure they 
didn’t use OpenOffice. At the time of the migration, OpenOffice 
was on version 1.0 and completely new to us. Like many others, | 
jumped in apprehensively. If you have not followed Novell’s 
migration to the Linux desktop and switching to OpenOffice, you 
can read about it as it was documented in other Novell Connection 
magazine articles: 

* July 2004: novell com/connectionmagazine/2004/07/tech_ talk_1.html 
Sept 2004: novell.com/connectionmagazine/2004/09/tech_talk_5.html 
Novy 2004: novell. com/connectionmagazine/2004/11/tech_talk_1.html 


In this case study, I will briefly introduce you to the pieces that 
make up the OpenOffice suite which works both on Windows and 
Linux. | also want to introduce you to another open source produc 
tivity tool that is available only in Linux and ships with our SUSE 
Linux Enterprise Desktop to (xovell.com/products/desktop) called 
Planner. We have used all of these tools over the past few years at 
Novell. These tools have grown to meet the demands of a large enter 
prise business. Novell has not only been a heavy user of OpenOffice, 
but has significantly contributed back to this open source project. If 
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you are unfamiliar with this suite of tools, let me briefly introduce you 
to each piece of the OpenOffice.org 2.0 Suite: 


Writer: 

This is usually the main stay of the suite as a full-featured word 
processor or text publisher. As a comparison, Writer is to 
OpenOffice.org what Word is to Microsoft Office or WordPerfect 
is to Corel WordPerfect Office. Over the past few years, there have 
been many additional new features and functionality added to 
Writer. When we first made the migration, things were missing in 
Writer that made it challenging; however, now | never miss any 
functionality of Word. In the OpenOffice 2.0 version of Writer, it 
has the ability to save in 15 different formats so you can easily share 
documents with others who may still be paying exorbitant amounts 
for other suites and still not using OpenOffice yet. The other huge 
benefit of OpenOffice is— it’s free! 


Calc: 

Everyone needs a spreadsheet to analyze, calculate and present 
your numerical data or create graphs in an easy to use format that 
look professional. Calc is a robust spreadsheet and it even comes 
with a wizard to help you get started with a lot of the advanced 
spreadsheet functions. Cale’s equivalent in Redmond is obviously 
Excel. There are a couple of areas where Excel outshines Calc, but 
for 95 percent of what most of us do, Cale does it well. (Honestly, 
how many users out there really use all the functionality of Excel, 


For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect 


or call 1-800-596-1700. 


anyway? Research has shown that the vast majority of end users fall 
heavily short of employing even half of the functionality in Excel.) 
Cale also comes with a number of ways to save your spreadsheet so 
you can share with others who may not be using it. 


Impress: 

Use this fantastic full-featured tool to create effective multimedia 
presentations. You can watch a demo of this tool on the 
OpenOffice.org site at openoffice.org/product/impress.html. The 
Microsoft cousin to Impress is PowerPoint. Impress allows you to 
do great presentations with a complete range of functionality 
including animation. If you are new at creating presentations, a 
number of wizards will help you get started. Impress, like the other 
components of the OpenOffice.org suite, allows you to save ina 
number of other formats. 


Draw: 

This application allows you to create illustrations, flow charts or dia- 
grams. | often use this when creating architecture diagrams or system 
flow charts. With all of the tool bars and available functionality, it is 
easy to use. Draw’s counterpart is Microsoft Visio. Although not quite 
as mature, it easily gets most jobs done. 


Base: 

This database application is new to version 2.0. Base is a great new 
tool that allows you to view and manipulate databases from with- 
in OpenOffice. OpenOffice.org explains it’s functionality as the 
ability to “Create and modify tables, forms, queries and reports, 
either using your own database or BASE’s own built-in HSQL 
database engine. BASE offers a choice of using Wizards, Design 
Views, or SQL Views for beginners, intermediate and advanced 
users.” Wow, what a great idea! 


Math: 

Last but certainly not least, Math allows you to create mathematical 
equations using either a graphical user interface or by directly typing 
in your formulas in the equation editor. 

As you can see, there is plenty of functionality to offer in the new 
OpenOffice 2.0 suite. And did I say the best comparison to any of the 
proprietary alternatives is—it’s free! 

Lastly, I want to introduce you to a lighter version of a project plan- 
ning tool that you can either download off the Web or you get with 
SUSE Linux Enterprise Desktop called Planner. (For more informa- 
tion about Planner, a GNOME project management tool, visit 
hitp,//live gnome.org/Planner.) This tool currently is only available on 
Linux, but is well worth investigating if you need a lighter version of 
project planning software. You can create single project plan work 
breakdown structures (Gant chart views), or you can have more com- 
plex plans with projects embedded within another project. This tool 
allows you to plan your tasks against your resources and is comparable 
to Microsoft Project. Planner also allows you to save your work in dif- 
ferent formats for sharing and is a great light-weight tool for project 
planning, and, did I say, it’s also free? 

These tools have become commonplace for all of us here at Novell 
during the past few years. Over time, many of the contacts | work with 
have downloaded copies of the tools as well. As we have found issues 
with the tools, we have submitted back to the open source projects. 
That is one of the beauties of using open source is the ability to have 
access to the code and fix issues that arise. There are many other rea- 
sons to check out any of these productivity tools, with the many 
contributions given back to the open source communities, they are now 
mature enough to be great alternatives for any of the expensive propri 
etary productivity tools on the market. So give them a try, and you'll be 
surprised they will not only work well for you, but also save a significant 
amount of money on your bottom line because they are all—free! N 


Figure 1 OpenOffice.org Writer is the free alternative to Microsoft Word. Many 
new features and additional functionality have been added to Writer to bring it up 
to the enterprise level to easily compete with the other proprietary office suites 
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Case Study: Novell's Use of Open Source Productivity Tools 
by Chery! Wiliams 
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Figure 2 OpenOffice.org Calc is a robust spreadsheet and it even comes with 
wizards to help you with a lot of the advanced spreadsheet functions Calc’s 
Redmond equivalent is obviously Excel, but Calc is free and carries 95 percent of 
the functionality, which is more than most of us use anyway. 
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by BrainStorm, Inc. 


A Look at OpenOffice.org Forms 
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outed as a compelling and arguably superior alternative to 
Microsoft Office, OpenOffice.org begs the question: is it as good as it’s 
cracked up to be? Although the original canary had to complete her shift 
(even though she didn’t report back in short, desperate breaths), I've 
taken over and headed canary-like to continue mining the depths of this 
free suite alternative, testing its limits by using it to complete common and 
advanced business tasks. If | report back to you in short, desperate 
breaths that the suite is impossibly difficult to use, you will know better 
than to send in more miners. But if | come out of this experiment alive and 
well, you may just have to ask yourself, as | asked myself, "Why not give it 
a try?" (See Trouble Me.) 

If you have not been following this series and have not yet seen 
OpenOffice.org, you might want to back up for a moment to establish 
your context here. Download and take a look at this open source 
office suite (OpenOffice.org) or in the interest of time, read previous 
articles in this series. (See Background Basics) 

Editor’s Note: The original canary has been replaced. In the inter 
est of full disclosure, she didn’t give up or come out of the mine 


panting, she just finished her shift and turned it over to another 
OpenOffice.org newbie to continue the series. 


> Canary Qualifications 
OK, I guess I’m not exactly a newbie the way Kendra was when she 
started writing this series. | have worked with OpenOffice.org and 
have actually worked with it extensively. I’ve even helped other peo- 
ple learn to use it. I’ve written OpenOffice.org tips for Novell Cool 
Solutions, and I’ve even compiled a few tips and videos for this maga- 
zine, but | was a newbie at one point and I still remember the feeling. 
The first time I saw OpenOffice.org was shortly after | started 
working for BrainStorm, Inc. Although BrainStorm is a software 
training company and is actually the Novell End-User Training 
Partner, they didn’t hire me for my software prowess, instead they 
hired me to write. (My background is in journalism, not technology.) 
My boss asked me to learn OpenOffice.org and evaluate whether we 
could use it to publish the Novell Linux Desktop 9 End-User 
Training Workbook Novell had commissioned us to write. He told me 


Figure 1 Form created to gather organization information. 
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Figure 2 The Control dialog box allows you to set properties for the field form 


Properties: Text Box 
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the horror stories the last authors of a similar workbook faced as they 
tried to place graphics and create PDFs in Microsoft Word. 

| downloaded OpenOffice.org, played with its settings for a day, 
and decided almost immediately that we should use it to write and 
publish the book. BrainStorm then put me in charge of designing 
styles and templates for the chapters, helping other contributing writ 
ers learn the new program, and putting it all together in a master 
document and a PDF. Along the way, | became the resident expert on 
OpenOffice.org Writer. 

That is, | became the resident expert on the features I was forced 
to use in OpenOffice.org. Therefore, | know how to use styles and 
templates. | know how to anchor and resize graphics. | even know how 
to create an index and a table of contents. But, | haven't explored 
everything, and up to the point that | was assigned this article, one of 
my final OpenOffice.org Writer frontiers was forms. 


> Foraging for Forms 

Besides working for BrainStorm, Inc., | also volunteer in my church's 
childrens’ organization. As part of our weekly childrens’ meetings, we, 
the other volunteers and I, wanted to start spotlighting each child to 
help all the children get to know each other. We decided the easiest way 
to gather information on the children was to e-mail a form to all the 
parents. That way we could keep all the answers within the parameters 
we specify, we could keep it a secret from the kids, and the parents could 
easily print it out to give to us at our next meeting. This was the perfect 
opportunity to try out OpenOffice.org forms. (sir FIGURE |.) 


A Little Design Work 

First, | created a heading for the form. | inserted a picture using Insert 
| Picture | From File. | anchored it to the page so I could move it any- 
where, and then I changed the wrap settings by right clicking and 
selecting Wrap | Optimal Page Wrap. | created a title for the form and 
then | wrote my opening paragraph. So far, this was just like creating 
any other document. 


Figure 3 After drawing your control, you c 
the Position and Size to set the exact size of you 
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Now, I was ready to create my form fields. | went to the View menu 
and selected Toolbars. From the list, | chose Form Controls. A little 
toolbar popped up with icons corresponding to the different form 
fields I could use. Like many forms, | wanted this spotlight form to 
start out with a field for First name. I moused over the Form Controls 
toolbar until | found the text box form control. I clicked the button 
and my cursor became cross hairs. I clicked and dragged just like I 
would if | were creating a rectangle or a traditional text box. Sure 
enough, a text box form control appeared with the little green anchor 
boxes on all the corners that meant I could reshape it any way | want- 
ed. | arranged the box until it was the right size. 


When in Doubt, Right Click 

Now I had a perfectly sized box perfectly placed in my document, but 
Iwas stuck. I didn’t know how to label the box or how to make sure it 
worked. I’ve used OpenOffice.org long enough to know that when I'm 
in doubt I can right click and options for what I’m working on are sure 
to show up. I right clicked and got a menu I would expect to see when 
creating shapes or manipulating graphics. That was great to know. I'd 
go back and play with alignment, wrap and anchoring later, but for 
now, I was looking for a dialog that would let me set the text boy's 
properties. 

I selected Control. A dialog appeared that looked like it would give 
me the options | needed. (ser piGure 2.) | filled in a name for the 
box—First name. Many of the other control properties were pretty 
self-explanatory. | could set a maximum text length. That means | 
could determine how many characters a person filling in the form 
could enter. | could choose Yes or No options for whether | wanted to 
enable the control (Yes), whether | wanted to make the field read- 
only (No), and whether or not | wanted the field to print (Yes). [ also 
recognized that if | pushed the buttons with the three little dots (...), 
I could change the appearance of the font, border and background. I 
left all of these as the default. Finally, I entered some explanatory text 
in the help text field. | was guessing this would create a tool tip clue 
when someone moused over the control. | was right. Once I finished 
entering all the parameters I knew about, I looked for an OK button. 
Since I didn’t see one, | just closed the dialog and hoped my settings 
would save, which they did. 


Looking for a Label 

The one item | didn’t find in the Control Properties dialog was how 
to label the control. There was a label field, but it wouldn’t let me 
enter anything in the box. I went back and moused over the buttons 
in my Form Controls toolbar and found a Label field button. | 
selected it, clicked and dragged in my document and the words 
“LabelFieldi” appeared. That wasn’t exactly what I was thinking 
would happen. So, I right clicked and chose Control. A new proper 

ties window opened up. Everywhere it said “LabelFieldr,” I changed 
it to say “First name.” | also clicked the Font option and changed the 
font to bold. When I closed the dialog box, | had a nice, bold label 
for my text box. | changed the anchor to a page anchor, and dragged 
it above my text box. First one down, several to go. 


Trouble Me 


Keep those e-mails and letters coming! What areas of OpenOffice.org do 
you want me to explore? Send your suggestions to editor@novell.com. 
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For those of you who are ready to take ie forms to the next level, check out 
the Events tab in the Control dialog box. With events you can write macros and 


have them executed when a certain event takes place on the form. 


Aligning, Sizing and Making It Look Good 

When I went to create my next text box for the child’s last name, I fol- 
lowed the same steps; however, as I clicked and dragged the text box 
cross hairs on my document, | came to a realization: There was no way 
I was going to be able to create a text box the exact size as the one | 
had just created by using the mouse alone. (I like to say I have excep- 
tional mousing skills, but even I can’t create a box the exact same size.) 
So, I deleted my new text box and decided to try copying and pasting. 
A quick CTRL+C and CTRL+V and a little dragging later, and | had 
a text box the exact same size as my first text box. Because of an 
unfortunate incident I once endured trying to make a form in Adobe 
Acrobat, | knew that copying and pasting form controls could some- 
times lead to problems if I didn’t change some of the properties in the 
copied box. So, I right clicked and changed the name and I was set. 


Note: After drawing your control, you can also right click it and choose Position 
and Size and manually set the exact size and positioning of your control. So | 
could have made as many text boxes the exact same size just by using the 
Position and Size dialog for each text box. (51) hicuRy 3) 


Now that I had two text boxes and labels for those boxes, | could try 
out some of those aligning, anchoring, wrapping and grouping com- 
mands | saw earlier on the right-click menu. Just as I was used to doing 
in any other graphics program, I held down the shift key while | 
clicked on each box and label to select more than one. First, | selected 
both the text boxes and chose Alignment | Bottom. Next I chose the 
label and the box and chose Alignment | Left. Because I knew that 
anytime | wanted to move the box I would want to move the label, | 
selected both the label and the box and selected Group | Group. 
Copying to keep consistent sizes, aligning and grouping started to 
make my form look quite professional. 


Beyond the Text Box 

Now that I had created all my name boxes, | decided to explore 
other form controls. The next item I wanted to record about the 
children was their age and grade in school. It was the perfect oppor- 
tunity for list boxes. I chose the list box tool from the Form 
Controls toolbar and created a list box with the cross hairs just like 


Figure 4 With the Tab Order dialog box you determine the order of the fields in 
the form 
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Figure 5 With the Events feature, you can automate updates from the form to 
master lists, databases, etc. 
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| did for the text box. | opened the Form Control properties and 
started to search for the area in which I would create my list items. 
I knew it had to be there somewhere. Sure enough, the properties 
were a little bit different for a List box. It still had all the formatting 
options and the options to enable, make it read-only and print, but 
it also had a field called List entries. | tried typing in my first entry. 
It worked. Then, I pressed Shift+Enter to add my other list items 
until | had listed all possible ages from 2 to 12. I added a label and 
voila, | had a list box. 

Next, | wanted the parents to be able to enter their child’s date of 
birth so we'd have a definite record of their birthdays. In fact, what I 
really wanted was one of those date fields where you can choose the 
date from a calendar. (I guess buying airfare online has convinced me 
that’s the only way to choose a date.) Because I didn’t see a specific 
date form control on the first toolbar, I clicked the More Controls 
button to open up a tool bar with even more form controls. A quick 
mouse over showed me that there was a Date Field form control. But, 
when | clicked and dragged, the cool calendar option didn’t show up. 
I went to the properties and selected “yes” from the Dropdown field. 
When I closed the properties dialog, the field had a drop down arrow, 
but I wasn’t sure what it did. 


Testing It Out 

Until now, every time I clicked one of my form controls, the only 
thing that happened was the appearance of the green selection boxes. 
I decided it was time to see if this form really worked. Since | was 
designing the form and | wanted to stop designing for the moment, | 
clicked the Design Mode On/Off button that | found on my trusty 
Form Controls toolbar. Now when I clicked, the green boxes were no 
where to be found and I could try filling out the form. The text boxes 
worked, the list boxes worked, and when I clicked the drop-down 
arrow in my date form control, a little calendar popped up. Things 
were going my way. 


Background Basics 


Interested in the short path to familiarity with OpenOffice.org? 
Read the previous articles in this series, which cover the 
following topics: 


* October 2006, OpenOffice.org: One Suite Alternative, 
novell.com/connectionmagazine/2006/10/tech_talk_3.html 
Explains why you should care and continue to read about 
OpenOffice.org 


* November 2006, First Look at OpenOffice.org Writer, novell.com/ 
connectionmagazine/2006/11/tech_talk_4.htm! 
Introduces the suite's word processing component, OO Write 


* December 2006, Canary Report: Still Singing in the OpenOffice.org 
Mine, novell.com/connectionmagazine/2006/q4/tech_talk_8.html 
Shares my attempts to format, export as .pdf, and create a template 

mmunity newsletter, The ABC View, using OO Writer 


for my « 


March 2007, Office Party, 
novell.com/connectionmagazine/2007/q1/tech_talk_9.html 

Describes my expr ting mailing labels to distribute my 

ng the Mail Merge Wizard in 
/hich | converted to OO Calc 


“rience creating 


tler, The 
da Microsoft Excel fil 
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OO Writer 


Finishing Up 

The rest of the controls worked pretty much the same way the list 
boxes and text boxes did. Click and drag to create and then change 
the properties. (See The Nuances of Each Control online.) | created 
radio button options (the round buttons that can only have one 
selection at once) and check box options (the boxes that can have 
more than one selection). To group these controls together, I used a 
group box with my question as the label. I was especially impressed 
with how professional these group boxes looked. Once I finished 
creating all my controls and labels, | went back to each control’s 
properties and assigned it a label in the label field | couldn’t type in 
at first. When I clicked the ellipsis (...) a list of all my labels opened 
from which | could assign each control, Note: to perform this 
action, you will need to ungroup your text box and label box. You 
can regroup them once the label field is assigned. (See Aligning 
Sizing and Making It Look Good.) 

At this point, | also wanted to test my form to make sure | could use 
the tab key to navigate in my form. I know I usually use tab to get 
around in forms, and I assume most other people used to filling in 
electronic forms do, as well. | had noticed that in each form control 
there was a Tab order field with the dots that meant it led to another 
dialog. | opened the properties of one of my form controls and clicked 
the dots. A tab order dialog with a list of all my controls opened. | had 
options to move up, move down, and perform an automatic sort. | 
moved the form controls in my list until the order was set the way I 
wanted it to be. (sim riGure +.) 


Making It PDFriendly 
Finally, with just a little bit more aligning and a quick proofread 
overall, (Spell Check doesn’t check labels, so be careful about 
spelling), | was ready to create my PDF. | knew from previous expe- 
rience that OpenOffice.org creates PDFs quickly and seamlessly, 
but I wasn’t sure if the form controls would translate. I selected 
Export to PDF from the file menu to make sure I saw a PDF dialog 
with options. After choosing a filename and clicking save, a dialog 
opened. Right there on the front General tab the option was already 
checked: Create PDF form. I chose the default submit format and 
clicked export. Just to be safe, | opened it in Acrobat reader. The 
form fields worked and even showed me the warning to print to save 
the changes in the form exactly as | expected. 

I’ve since e-mailed the form to all the parents, but haven't 
received any forms back, so I’m not quite sure about the results. I’ll 
be sure to keep you posted. N 


Kicking it up a notch 


For those of you who are ready to take your forms to the next level, 
check out the Events tab in the Control dialog box. With events you 
can write macros and have them executed when a certain event 
takes place on the form. For example, if | want a master list of the 
children's birthday’s, | could use the Event tab to automate the 
process. Start by writing or recording the macro. Then, in the Event 
tab, assign when you want the event to take place, for example, 
when text is modified. Voila! Every time the text is modified in the 
form, your master list is updated. (ser riGuer >.) Use it to print your 
master list with every update, or anything else you can think of. 
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rainShare always seems to pack a month’s worth 
of sensory overclocking into a single supersaturated week, 
and the 2007 conference did not disappoint. More than 5,000 
Novell customers, partners, analysts, media observers and 
open source community members from 83 countries stretched 
their attention spans to the napping point trying to digest 
300+ business and technical sessions, 30 advanced training 
sessions, 60+ PartnerNet exhibits and 75+ tech lab demonstra- 
tions. After hours we renewed old acquaintances at the 
opening reception, forged new connections at the Sponsor 
Bowl, and partied down with the Goo Goo Dolls. 
So if there are blank spots in some of your conference recollections, 
it’s perfectly understandable. Fortunately your Connection correspon- 
dents have compiled a subjective survey of strategic highlights. 


> Ron Hovsepian: The Strategy Chalk Talk 
A major question mark in every mind was the Novell-Microsoft part- 
nership announced in November and the subject of some controversy 


since. How would it affect Novell product strategy, and the firm’s rela- 

tionship with the community? 

Novell CEO Ron Hovsepian tackled the issue head on, with an 
opening keynote talk that located the partnership's business drivers 
and objectives squarely in a context of market trends and urgent cus- 
tomer requirements. Ron noted three broad technology trends that 
are affecting a wide range of customer investment decisions: 

* Virtualization, because it lets customers easily leverage new 
generations of higher-performance hardware technologies to 
lower costs without rewriting their applications. 

Simplification, because reducing complexity in their IT 

environments through open, standards-based interoperability 

is a basic necessity for customers who are increasingly 

recognizing that mixed operating environments are a 

long-term fact of life. 

* Commoditization, because price pressure on technology 
suppliers lets customers put more computing power to work 
in their businesses. 


nto the Novell-Microsoft 
utive Vice Pr t and CTO 
search and strategy officer 


Figure 1 Conference participants got a deep 
partnership via a conversation between Nov 
Jeff Jaffe, and Crai 7 


Figure 2 During the keynotes, attendees saw three new ads that spoofed the 


Mac ads. You can see them online at novell.com/video 
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All three trends constitute opportunities for Novell, Ron asserted, 
providing the company addresses them with an effective strategy 
for delivering customer value by aggressively reducing costs and 
complexity while mitigating operational and regulatory risk. 


> A Two-Pronged Strategy 

In fact, Novell management has designed exactly such a strategy, a 
two-pronged plan that hinges on two critical sets of deliverables: (1) 
enterprise-wide Linux, and (2) enterprise management services. 
Enterprise-wide Linux lets you reduce IT costs by deploying a single 
operating system code base across mainframes, servers, desktops and 
notebooks, thin clients and point of sale systems. It also lets you support 
them all with a single skill set. Linux provides you a versatile and pow- 
erful platform for growth that frees up human and capital resources for 
more productive application to core business innovation. 

Enterprise management services are essential, because for most organ- 
izations, a heterogeneous environment is now a fact of life. “Most IT 
shops have two targeted development footprints,” Ron explained. “One 
of them is a.NET Windows footprint, and the other is a J2EE open 
source footprint. Within that J2EE stack, we need to differentiate the 
Novell services that let you run your businesses in an open source manner, 
ona services-oriented architecture, in a much stronger manner.” 

But Novell must also deliver a single set of tools to manage every crit- 
ical customer asset, regardless of which platform it’s built on. “We are very 
clearly focused on that mixed source environment, both on the J2EE open 
source piece and on the Windows piece,” Ron said. “Integration is going 
to be critical; interoperability is going to be critical.” 

Within the integration market space, Novell will not compete 
head-to-head with the large players already providing full framework 
solutions. “We're going to be a component provider within that mar- 
ket. We're not seeking to get that entire stack. We'll work with others 
so our customers have choices, but we're not going to try to be all 
things to all people.” 

Specifically, Novell is focusing its efforts on three management 
service markets where its core technologies offer significant opportu- 
nities to simplify, secure and take costs out of the environment: 

- Identity and Security Management 

Systems and Resource Management 

- Workgroup and Collaboration 


> Opening the Ecosystem to Microsoft 
The management team also realized that a strategy based on interop- 
eration required an historic change in the Novell business 
model— direct collaboration with Microsoft. 

“As the CEO of this corporation, I'll tell you this was done for one 
reason and one reason only,” Ron stated. “To drive customer value. To 
drive interoperability and to make life easier for our customers. 
Together with Microsoft, we've delivered a technical roadmap 
focused on interoperability in four areas—virtualization, standards 
based systems management, directory and identity, and office 
document translation. 

“None of this means that we don’t want our customers to build out 
their environments on that open source J2EE footprint. We absolute- 
ly do. But when we're done having that fight in the customer's office, 
we're going to get together with Microsoft to deliver the compute 
footprint that you want and need.” 


> Microsoft Shares the BrainShare Stage 
Conference participants got a deeper view into the Novell-Microsoft 
partnership via a conversation between Novell Executive Vice 


President and CTO Jeff Jaffe, and Craig Mundie, Microsoft chief 
research and strategy officer. Moderator John Dragoon (Novell CMO) 
led the pair through an exploration of each company’s motivations, 
expectations, market assessments and objectives. What follows are key 
excerpts from the resulting exchange. 

Question: Customers are wrestling with the appeal of openness, 
flexibility and freedom of choice on one hand, and security, stabili- 
ty and high quality on the other. How do we help them resolve that? 

Jeff: “Look at the history of operating systems: we've gone from 50 
operating environments down to two—Linux and Windows. 
Windows has focused on deep integration, Linux on openness. Novell 
is dedicated to combining the openness of Linux with the tight inte 
gration that Microsoft is famous for. We want to take the innovation 
of Linux and make it enterprise-ready, with all the security, quality 
and scalability that enterprise applications require. We want to give 
them the best of both worlds. 

“But there’s one more thing customers want, and that’s interoper- 
ability. With the industry consolidating on two platforms, Novell is 
leading the way by making it easier, less expensive and more secure to 
operate a mixed environment. 

Craig: “It’s become clear to Microsoft that our customers are going 
to have mixed environments, and those customers have been pushing 
on Microsoft to help solve the interoperability question. But they also 
want continued innovation—not just around features and capabili- 
ties, but also around costs, security and manageability. The industry 
as a whole is behind where the customers want us to be relative to our 
ability to reduce costs. Going forward it will be increasingly impor- 
tant to allow this mix-and-match environment, and Microsoft is fully 
committed to supporting that.” 

Question: What does interoperability mean to the customer? 

Craig: “Many customers rank interoperability right up with securi- 
ty and reliability in managing the health of their overall IT 
environment. Especially in terms of controlling costs, and the ability 
to have this coexistence — not as two complete islands with very skin 
ny interconnections, but in a more robust interoperation in a 
production sense —is where the pressure is coming from.” 


Jeff: “Interoperability gives us performance, efficiency, 
cost reduction, and it’s something Novell has been 
working on for a long time. We aspire to be the best 
manager of Vista desktops. That’s what interoperability 
means to us. We’re focused on interoperability from 
many perspectives, but the customers are demanding 
more. That’s what brings us to sit down with Microsoft.” 


“At the end of the day, Microsoft is going to push for Windows and 
we're going to push for Linux. We agree to disagree. But we agree on 
getting interoperability between our platforms.” 

Question: What changes are coming in the data center? 

Jeff: “Platform consolidation and virtualization, which will have 
many benefits, including performance, isolation, a smaller footprint, 
higher availability, and the ability to run diverse workloads on a single 
physical platform. We anticipate Linux as the universal host, which will 
mean supporting virtualized NetWare, Linux and Windows workloads 
on Linux. That will make management increasingly important. We'll 
need to pull physical and virtual resource management together to 
make the environment productive.” 

Craig: “It is absolutely clear that we're going to have a heteroge- 
neous environment in the data center, and interoperation will be 
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absolutely necessary. Users will have a choice. We're going to have to 
give these two environments a much more natural operational coexis- 
tence than they have had before. 


“And the data center is going to be dynamic. The next release of 


Windows will have virtualization built in, and we need to be able to 
host these two environments in a common hardware framework.” 
Question: We're four months into this: what’s been achieved so far, 
and what are the benefits for our customers? 

Craig: “It was very clear to us that this was something our cus- 
tomers wanted. They came to us and asked for this. They had big 
investments in the Microsoft environment, and they wanted to make 
bigger investments in the open source environment, but there were 
two problems overhanging those decisions. 


“One was the need for something more than just 
protocol liaison between these islands. Our 
customers wanted tighter integration that 
would allow true cost reductions. We needed to do 
more for them to support that. There was also an 
issue with intellectual property assurance. 
Customers wanted some comfort that there was a 
real partnership here. If they bought something from 
one of us they didn’t want to discover later that we 
were fighting over it. So we went ahead and 
dealt with both issues in the deal we did with Novell.” 


“We've had tremendous feedback from some of the largest enter- 
prises in the world. They want to have this sort of complex 
environment, and they want us to help them make it more manage- 
able. And that’s what we've done.” 

Jeff: “Our corporate strategy begins with open source. That’s the 
innovation engine of the industry, and everything we do starts with 


See All the BrainShare Demos Online! 


Missed a product demo you really wanted to see? Never fear, all the gen- 
eral session keynotes and product demos are available as Web casts at 
novell.com/brainshare/general_sessions07.html. To find a particular topic 
just follow this general session agenda: 


Monday 

* Ron Hovsepian Keynote 

* Novell Microsoft Partnership Panel Discussion 
* Novell Open Enterprise Server 2 

* SUSE Linux Enterprise Desktop 10 


Wednesday 

* Teaming & Collaboration 

* Novell Identity Manager 3.5 

* Sentinel 6 from Novell 

* Novell ZENworks Configuration Management 
* Novell ZENworks Orchestrator 


Friday 
* New SUSE Technologies 
* Identity Management 

* Novell GroupWise 

¢ Data Center Technologies 


* 10 Custom Painted Laptops 
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that. As we take Linux deeper into the enterprise, data center man- 
agers are telling us ‘Novell is important, but so is Windows. These are 
the two platforms of the future and you guys have to work together 
on interoperability and virtualization.’ 

“So we're working together on protocols, APIs and formats. But 
then our own core business strategy is Linux as the universal host. 
Microsoft wants the same thing, but neither of us can get there with- 
out collaborating with the other. That’s what brings us together.” 


> BrainShare Product Announcements 

Wakaroup and Collaboration 
* Novell Open Enterprise Server 2 public beta testing will begin in 
early May. New features include built-in Xen virtualization in 
SUSE Linux Enterprise Server to, virtualized NetWare, Dynamic 
Storage Technology, Domain Services for Windows and 64-bit 
hardware support. Details at novell com/oes. 
Novell Teaming + Conferencing, two new additions to the Novell 
Open Workgroup Suite will be available in Q3 2007. These 
solutions provide teams with online collaboration spaces, content 
creation and management, discussion, calendaring, messaging and 
conferencing. Details at novell com/teaming 


Identity and Security Management 
Novell Identity Manager 3.5, a new version of the award-winning 
user-provisioning and identity management solution is scheduled 
to release in May. New features include integration with Sentinel 
from Novell event monitoring, providing advanced security and 
compliance management. Details at 
novell. com/products/identitymanager. 
Sentinel from Novell version 6.0 is scheduled for May 2007. 
Enhancements to the award-winning security information and 
event management solution include improved incident 
management and response capabilities, a new correlation 
framework, streamlined event management, new language and 
platform support, and integration with Novell Identity Manager 
3.5. Details at novell. com/products/sentinel 


oe and Resource Management: 
Novell ZENworks Configuration Management, introduced at 
CeBit 2007, is a new desktop management solution that simplifies 
Windows system management in mixed Microsoft and Novell 
environments. Features include native integration with Microsoft 
Active Directory and Novell eDirectory for real-time, identity- 
based management and service delivery. Details at 
novell. com/products/zenworks. 
Novell ZENworks 7.2 Linux Management delivers policy-based, 
full lifecycle system management with support for Red Hat 
Enterprise Linux and SUSE Linux Enterprise ro. It’s available 
now. Details at novell com/products/zenworks/linuxmanagement. 


bate Platform Solutions 
SUSE Linux Enterprise Service Pack 1 is now in public beta. It 
includes both server and desktop packages, and includes 
significant improvements in virtualization, high-performance 
computing, desktop usability, security, interoperability and system 
management. Details at novell com/products/linux. 
SUSE Linux Enterprise Thin Client was introduced for 
availability later this year. The solution includes SUSE Linux 
Enterprise Desktop and an image-creation toolkit that Channel 
partners will use to provide finished customer solutions. Details at 
novell. com/products/linux. N 


For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect 


or call 1-800-596-1700. 
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Laura Chappell's Popular BrainShare Breakout Session: Solving the Problems of a Network's Slow Performance 
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he blaring ring of the phone startled me. It was only 7:47 
a.m.—really too early to start hearing complaints about network per 
formance. Most users wouldn't even be in and accessing the network 
for at least another 13 minutes. As the network administrator, | count 
ed on these moments—my quiet time —to prepare myself for the day 
ahead. <ring...> This was my time to sit in my office, drink my coffee 
and begin downloading e-mails sent overnight from our international 
offices. | shouldn’t be hearing complaints from the users already! Oh, 
it was going to be a rough day. <ring...> 

With a feeling of dread, | reached over and hit the speaker button. 
“Hello. This is Laura.” After a short pause, my skin began to crawl as 
I heard Fred loud and clear—his voice shattering any peace and hap- 
piness that the day had promised. “Laura! Fred here.” 

“Fred? Fred who?” | always asked him this—just to irk him. He was 
the only “Fred” who called my office at the drop of a packet. What 
was it going to be this time? His system not running games as quickly 
as he wished? He couldn't figure out how to deal a new hand in soli- 
taire? Bejeweled not giving him the credit he deserved? Gummi bears 
in the keyboard...again? 


“Fred Erskine! | thought you'd recognize my voice by now!” «slight 
snicker at his pathetic attempt at a joke or a jab> 

“Yes, Fred. What can | do for you?” Uh oh...here it comes. | 
quickly hit the mute button lest Fred hear my typical first response 
to his moronic plight. 

“T just wanted to let you know that the network seems to be run 
ning...well...er...really well today. Thanks.” <click 

What? What? Fred is calling to say the network is running well? 
What's up? In my to years of running this network and fielding Fred’s 
complaints on a daily basis, I'd never heard him say this. What kind of 
cruel, sick joke is this? 

ring...><ring...> | opened my eyes...my alarm screaming at me to get 

up, put myself together and get into the office by 7:45—before the 
users arrive. Oh, just a dream. | knew it was too good to be true. 

Users never call to say the network is running fine. Sigh. I crawl 
out of bed. 

What are the most common reasons network performance lags 
behind expectations? In my almost 20 years of analyzing network traf 
fic, these issues come to mind first: 


trace file; the prob- 


Figure 1 Make si 
lems \ po 


Standard que 
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High latency, client issues 
* Server issues or link issues 
Packet loss 
- TCP window congestion 
- Low throughput 
Dependency problems 
Application faults 


At BrainShare 2007, two of the Bring Your Own Laptop (BYOL) ses 
sions focused on performance issues. In this article we'll examine high 
latency, packet loss and TCP window congestion labs to demonstrate 
the process of locating the cause of poor performance. 


Note: These trace files can be found on Laura's Lab Kit which is avail- 
able online at novell.com/connectionmagazine/laurachappell.html. If you 
are just interested in grabbing these traces, download ncO5traces.zip 
available at novell.com/connectionmagazine/laurachappell.html. 


> High Wire Latency 
[anotherlousyhotelnetwork.pcap] 
The trace file in Figure 1 depicts a common situation: sitting in a 
hotel trying to get decent Internet access. | just wanted to get to our 
home page, packet-level.com. The clock ticks. Figure 1 shows the 
beginning of this trace file. Use the recommended settings to view 
the trace files: 

Colorization on 

Time Display Format > Seconds Since Previous Packet 


The first packet in this trace is my system looking for a Windows 
update. No response is received, but that isn’t slowing down my sys- 
tem. When | launched my browser, it immediately attempts to 
connect to our home page. 

The second packet is my DNS query for packet-level.com, and the 
wait begins. Approximately one second later my system generates 
another DNS query to the same DNS server. One second is a long 
time to wait for a DNS reply. 

A DNS response is seen approximately 23 milliseconds after my 
second request. This triggers my lightening-fast system to send the 
TCP handshake packet out immediately (just over 4 milliseconds 
after the DNS response). 

Try this: Can you locate any other DNS queries in this trace file 
and verify that the DNS server response is slow to that query as well? 

Phew! Maybe the DNS server is just slow and the rest of the brows- 
ing session will go well. 

Nope! 

The server's SYN ACK arrives over one half of a second later. Ouch! 
This is terrible response time. Now consider that the TCP handshake 
process does not require any application-level processing. If the per- 
formance is shoddy at this point, then I'd look at a wire latency issue. 

Packets 9 and 10 are interesting. Packet 9 is the DNS server's second 
response to the duplicate DNS query. My system responds with an 
ICMP Type 3/Code 3 — Destination Unreachable/Port Unreachable 
response. In other words, it’s plugging its ears and singing, “La la la la, | 
can't hear you!” My system’s moved on; once it received the DNS 
response, it shut down the port it used for the DNS queries. 


0 packets of all the hand- 


Figure 3 Filtering on the SYN bit displays the first tw 
shake processes in the trace file 


Laura Chappell - The Wireshark Network Analyzer 
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Packets 8, 11 and 12 are duplicates. Note that all three of the pack- 
ets use the same T’CP sequence number in a packet that contains data. 
This is the definitive sign of TCP retransmissions. 

Do we have packet loss somewhere along the path as well? Or is the 
latency just so high that my system makes duplicate requests because 
the responses are too slow? 

The response ACK (packet 13) arrives 9.842289 seconds after the 
original request as shown in Figure 2. (Right click on packet 8 and Set 
Time Reference. Don’t forget to toggle this off and reset your Time 
Display Format to Seconds Since Previous Packet after you have 
measured the time from packet 8 to packet 13.) 

Now let’s see how many retransmissions are in this trace file. We 
can do this several ways: 

Sort the Info column to group the “[TCP Retransmission]” notes 

Select Analyze > Expert Info 

Select Analyze > Expert Info Composite > Notes 

Apply a display filter for tcp.analysis.retransmission 


Hint: Toggle off the Time Reference before applying a filter. Wireshark 


might keep your Time Reference packet in the display even though it 
does not match your filter value. 


| chose to apply the filter and the status line indicates that there are 
32 packets that matched my filter. Pathetic! 

Clear out your filter and consider applying a filter for all pack 
ets that contain the SYN bit set to 1 (tep.flags.syn == 1). This filter 
displays all SYN and SYN ACK packets and lets us see if the 
latency times on all the handshake processes are slow. You may 
need to reset your Time Display Format to Seconds Since 
Previous Packet again. 

Figure 3 indicates that we consistently have serious delays during 
the handshake processes: 

* 1032>http 503667 seconds response time 
1033>http —.822640 seconds response time 
1034>http 352788 seconds response time 


Because the server does not need to do application processing to estab- 
lish these connections, we can assume that wire latency is an issue. 


nendous! 
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Figure 5 /(/ 


Figure 6 The “Window i 
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In addition, scroll through the trace file with 
this filter applied; notice the client making 
connections to another server. The latency 
time when connecting to the other server is 
high as well. This might indicate the latency 
issue is local. 


> Packet Loss and TCP Window 
Congestion [download-bad.pcap] 

This HTTP file download process is experi- 
encing two problems: packet loss and TCP 
window congestion. The packet loss is easy 
to spot if you scroll through the trace with 
colorization turned on. 

Not only do we have packet loss, but we 
also appear to have a latency issue. The client 
sends 40 duplicate ACKs before receiving 
the retransmission. The server retransmits 
the packet when it receives two duplicate 
ACKs. This client had over 400 milliseconds 
to send duplicate ACKs before receiving the 
retransmission (packet 215). 


Note: Packet loss with a high number of dupli- 
cate ACKs indicates high latency in addition to 
the packet loss. The receiver is able to get 
numerous duplicate ACKs onto the cabling 
system before the retransmission is received. 


Certainly packet loss affects performance. 
Although our server continues sending data 
to the client, the client cannot process the 
requested file until all the data segments have 
been received. In addition, this client sent 40 
extra packets (duplicate ACKs) to get a sin- 
gle segment of data. 

Now select Analyze > Expert Info 
Composite > Notes and sort the Summary 
column in descending alphabetical order 
(“Z” on top). Expand the Zero Window line 
as shown in Figure 5. 

Now this is looking really ugly. We can see 
seven “Zero window” events in the trace file 
beginning with packet 364. This indicates 
that a system states that it has no TCP 
receive buffer space available during a file 
transfer. In effect, the system is saying, “Shut 
up! I’m not listening.” 

Let’s look at this point in the trace file. 
The client, 10.0.52.164, has requested a file 
from the server, 61.8.0.17, as seen in packet 4. 
We have already seen packet loss several 
times in this trace file. 

As shown in Figure 6, packet 363 is tagged as 
“TCP Window Full.” This packet comes from 
the server to the client. Wireshark tracks the 
advertised window size (defined in the TCP 
header Window field) and notes that this pack- 


et will overload the client’s available buffer 
space. In packet 364 the client advertises a full 
buffer (TCP ZeroWindow event]. 

This situation triggers the server to begin 
the TCP Keep-Alive process. Focus on the 
time column (and have it set to show you 
Seconds Since Previous Packet). You can see 
how the server backs off and becomes more 
patient with each TCP Keep-Alive packet. 

As you can see in this trace file, more than 
30 seconds transpire before the client adver- 
tises a Window Update (packet 377). The 
server cannot send more data packets until 
the client's window size value increases. 

What causes this full window condition? 
Most likely, the application (browser) is not 
pulling the data out of the TCP receive 
buffer in a timely manner; however, other 
applications may be causing this problem 
because multiple connections share a com- 
mon TCP receive buffer. In addition, 
processor-intensive applications may be 
affecting the browser's ability process 
received data. 

In this case, we know we have latency and 
packet loss issues. These problems may be 
out of our control if they are injected on a 
portion of the network path that we do not 
control. The client issue is something we can 
fix. Now we would examine the client system 
to see what other applications are running. 


Note: In this case, our client was playing a 
video during the download process. The video 
playback was significantly dragging down sys- 
tem performance. To the user, however, the 
network just appears to be slow. 


> Troubleshooting Blind 

How can you identify the cause of poor net- 
work performance if you don’t look at the 
communications? Take the guesswork out of 
troubleshooting by listening in on the traffic. 
The packets may not be able to tell you why 
the problem is occurring, but they will be able 
to tell you where the problem is occurring. N 


At BrainShare, Laura Chappell announced 
Wireshark University, an educational organiza- 
tion focused on training network analysts to 
troubleshoot and secure networks faster and more 
accurately using Wireshark (formerly Ethereal). 
Learn more network troubleshooting skills in the 
WSUo3: Troubleshooting Network Performance 
course, available in self-paced and instructor-led 
format. Visit wiresharkU.com for course outlines, 
recommended prerequisites, self-paced-course 
ordering and instructor-led-course schedules. 


Dangerous. 

Laura Chappell’s (NEW) Hands-On Courses 
from Wireshark University—create serious 
packet-sniffing sharks, Gain extreme skills 
to troubleshoot and secure your network 
using the world’s most popular analyzer: 
Wireshark (formerly Ethereal). 


Bite now: www.wiresharkU.com 
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GroupWise Tips and Tricks 


Excerpts from The GroupWise Powerguide 


> Add Checklist Options to Your Inbox 

By Erno de Korte 

Do you, like so many other people, “live” in your Inbox? And did 
you perhaps check out the Checklist Folder in GroupWise 6.5 and 
thought, “Oh, what a nice idea!” But after a few days you did not 
use it anymore? Or, maybe you don’t know what the Checklist is. 
Checklist is really an alternative w ay to view almost any folder. 
You can add any items to the Checklist and from that point on, 
you can order these items yourself and assign due dates to them. 
(SEE FIGURE |.) 

Although some people might find the Checklist less useful as a 
separate folder, there is a way to take full advantage of this cool 
feature: you can change your normal Mailbox folder into a check- 
list view and it will offer you some amazing new possibilities. Let's 
have a closer look at some of the advantages of a Checklist: 


Checklist items will always reside at the top of your folder, above 
all non-Checklist items. 


* You can change the order of Checklist items, which enables you to 
put the most important items at the top of the list. 


* You can add due dates to checklist items. 

> New e-mails appear just below your Checklist. This way, you 
can easily decide what to do with a new message: you can choose 
to immediately respond to or forward the message or you can 


drag the message to your Checklist and take care of it later. 


You should really try this yourself and don’t worry; you won't damage 
anything. Here’s how to change your normal view into a Checklist view: 


* Right click the Mailbox folder and click on Properties. 
Go to the Tab called Display. 


* Locate the View by drop-down list and select Checklist. 
(SEE FIGURES 2 AND 3.) 


Click OK to activate these changes. 


At first you won't see much difference, but if you look more closely you 
will see that at the top of your item list an extra line has been added, 


Figure 1 The Checklist is an alternative way to view almost any folder. 
You can add any items to the Checklist and from that point on, you can 
order these items yourself and assign due dates to them. 
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Figure 2 Jo have your checklist show in GroupWise 6.5, you can choose 
the Checklist View in the Mailbox folder properties dialog. 


Mailbox Properties 


Display received items in the selected 
folder 


| Item source 
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V Tasks Documents 
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GroupWise 7.0 offers a new exciting option which allows you to add Group 
Labels to your Mailbox view. This option will automatically see bly your mail 
into sections such as Today, Yesterday, or any other date in the past. 


inviting you to drop an item on the checklist. Select one of your exist- 
ing mailbox items and drop it in this zone “et voila”! You now have an 
integrated checklist and you can order these checklist items by drag- 
ging and dropping or by using Up and Down buttons on the button 
bar, if they are enabled. 

You can also move Checklist items to other folders after you have 
processed them and stored them there. 


Tip: Here's a cool feature of the special Checklist folder: move some 
of your Checklist items from your Mailbox to some of your other fold- 
ers and then open the special Checklist folder. You will see that the 
Checklist folder will collect all Checklist items from any folder, much 
like the way the Calendar folder functions. You can create Checklist 
items in any folder and collect all of them in a single view in the 
Checklist folder. Now that’s cool, isn't it? 


Tip: On the same Display settings page is an option to Hide 
nonchecklist items. By enabling this option, you will of course hide all 
items in your folder which are not part of your checklist. This might be 
useful if you want a better overview and/or want to create several sep- 
arate checklist-only folders. 


> Creating a Better Overview with Group Labels 

By Erno de Korte 

There is even more good news when you start using GroupWise 7.0. 
Of course you can still use the Checklist feature as described earlier, 
but GroupWise 7.0 offers a new exciting option which allows you to 
add Group Labels to your Mailbox view. This option will automatical- 
ly categorize your mail into sections such as Today, Yesterday, or any 
other date in the past. (ser riGuRE +) 

To be honest, I’m not normally the type of guy that would sacri- 
fice valuable space for a few extra lines of information. But after 
enabling this feature, I felt much better about my very active Inbox, 
because this option clearly shows that my efforts to keep my mail- 
box clean have indeed had some positive results. So make sure to 
check it out yourself. Here is how you can enable this feature: 


* Right-click the Mailbox folder and click on Properties. 
* Click on the Display Tab. 
Locate the Show Group Labels checkbox and enable it. 


* Click OK to activate these changes. 
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Figure 4 Group Labels will automatically categorize your 
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Sometimes there is a need to clear 


see the difference between internal, 


external and Internet e-mail. GroupWise allows you to see the difference, 
because all e-mails that pass the GroupWise Internet Agent will receive a stamp. 


This way, it will be easier and more rewarding to keep your mailbox clean. 


Tip: You can also enable or disable the Show Group Labels option by 
right clicking on the second or third column of an item. Do not right click 
on the first column, because it will offer a lot of other options! 


> Once Again - Group Labels Offer You a Better Overview 
By Uli Neumann 

As discussed in topic 9 in the GroupWise Powerguide, GroupWise 7.0 
offers a very interesting new option called Group Labels. This option 
helps you to get a better overview of your mailbox, as it will separate 
a possibly long list of items into items per day. 

As discussed in topic 9 in the Group Wise Powerguide, you can enable 
this by right clicking in a list view, but you can also enable this by default 
per folder, with the option settings of a folder. (sry ricurr 5.) The 
result is a highly improved view of the items ina folder. (sev riGuRe 6.) 


> Distinguishing between Internal and Internet Mail in Rules 
By Diethmar Rimser 

Sometimes there is a need to clearly see the difference between 
internal, external and Internet e-mail. For example, you might 


want to start a search, but you only want to see the results for inter- 
nal e-mails. Or perhaps you want to create a rule which only 
executes for external e-mails. 

Group Wise allows you to see the difference, because all e-mails 
that pass the GroupWise Internet Agent will receive a stamp. 
This stamp is called the View Name and can be changed via the 
administrator tool ConsoleOne in GroupWise 6.5 or the configu- 
ration file GWIA.CFG in both versions 6.5 and 7. The default 
value is Internet and we suggest you keep it that way. 

The good news is that the View Name will be a property of all 
incoming Internet e-mails and can be used for rules, filters, and search- 
es. Two examples will show you how to use this feature: 


* Creating a rule for Internet e-mails (this topic) 

- Creating a filter for Internal e-mails (the next topic) 

You can create a rule in which the View Name can be selected via 
the Define Conditions button. (ser ricure 7.) You ean use this con- 


dition to define which action you want to be taken, whether the rule 
should be executed on an external or Internet e-mail (does contain) 


Figure 5 You can enable Group Labels by default per folder with the 
option settings of a folder 


Create Personal Folder 


Define the settings for the folder, These can be viewed and moditied in the 
folders properties dialog. 


Setting name: 
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Figure 6 Using Group Labels greatly improves the view of items in a folder 
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For more information or to have a Novell Representative contact you, please visit novell.com/ncmconnect 


or call 1-800-596-1700. 


or on an internal e-mail (does not contain). More about rules can be 


found in Chapter 11 in the GroupWise Powerguide. 


> Distinguishing between Internal and 

Internet Mail in Filters 

By Diethmar Rimser 

You can also use the View Name when you define a filter. (sie bic 
cu 8.) The simple filter interface does not offer the possibility of 
using the view name. You must therefore use the Advanced Filter 
option. 

You can create a filter in which the View Name can be selected via 
the Define Conditions button. You can use this condition to define 
which action you want to be taken, whether the filter should be execut- 
ed on an external or Internet e-mail (does contain) or on an internal 
e-mail (does not contain). 

The filter in the example below will filter out all internal e-mails, 
showing only incoming external e-mails coming from the Internet via 
the GroupWise Internet Agent. 


Tip: You can also save these filters to be used later by using the Save 
button on the filter dialog. Very handy indeed! N 


GroupWise Powerguide 


You can buy The GroupWise Powerguide for 
US$24.95 (ISBN# 9789080893450) 

from your local bookseller or directly from the 
publisher at books4brains.com. 


You can also order the book at many other online 
retailers such as amazon.com and 
barnesandnobie.com. 


The book contains more than 130 power tips like 
the ones listed in Fine Print. Each tip lists the versions 
of GroupWise with which it is compatible. 


Most tips are listed as compatible with versions 6.5 and 7. 


Figure 7 You can cr 
via the Define Cc 


Figure 8 You can use the View Name when you define a filter. 
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The Emergence of True Enterprise Class Open Source Applications 
entric 


by Tom Manos 


oogle search for “enterprise open source” returns more tions. At a minimum, enterprise applications should have the fol- 
than 1.5 million results. There are Web sites, conferences lowing characteristics: 

and trade shows, and even a fairly large number of books devoted to the 

topic. In this article we'll define what “enterprise open source software” + High availability: If operations or revenue stop when the 


means and describe the characteristics of such applications. application stops, then the application must be continuously 
available. 

> Defining Enterprise Software * Security: The application will be processing the enterprise's most 
Martin Fowler, chief scientist at ThoughtWorks writes,“Enterprise precious possession: its information. When dealing with sensitive 
Application is the name I give to a certain class of software systems: information, strong security is a must. 
the data intensive software systems on which so many businesses run. + High performance: The application must perform adequately 
Another, and perhaps better, name for them is Information Systems under the load it is given. 
since these are systems that process and manipulate information.” + Scalability: The application must scale to whatever size 

For the purposes of this article, we will use Fowler’s definition: is required. 
Enterprise Software is software that solves problems across an enter- + Support: The application must be professionally supported. 


prise, rather than specific problems within an enterprise. Thus, most 
desktop applications would not be considered enterprise applications — Centric CRM is one open source enterprise application that has those 
nor, in this case, would operating systems or database systems since they characteristics. Let me explain. 
don’t solve problems or process information in and of themselves. 

Examples of true enterprise applications include Customer > Building Enterprise Open Source Applications 
Relationship Management (CRM), Enterprise Resource Planning — Ever-larger enterprises are beginning to seriously evaluate open 
(ERP), Content Management, and corporate financial applica~ source solutions to determine whether such products provide a 


Figure 1 Centric CRM's Action Plans provide easy-to-create workflows that Figure 2 Centric CRM provides a consolidated view of your customers, 
any user can follow including opportunities, communication and service requests. 
iy Home Page > Action Pins > Action Pion Details (G@cenrriccrm geitt etre Ler lke 
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legitimate alternative to traditional propri- 
etary applications. “We are making a 
strategic move to embrace open source 
technologies,” says Brian Shield, ClO of 
The Weather Channel. “Finding enterprise- 
ready products such as Centric CRM have 
allowed us to mothball several expensive 
proprietary systems already.” 

The challenge for open source providers 
is to build an application that simultaneous- 
ly leverages the advantages of open source 
development—large groups of developers 
improving the code, viral spread of solu- 
tions, the essential appeal of open source 
products—while also satisfying all the 
requirements necessary to be seriously con- 
sidered ready for the enterprise. This means 
solving a number of potentially conflicting 
requirements. On the one hand, it must 
appeal to an open source community, be 
accessible, understandable, inexpensive or 
even free, and run entirely on an open 
source infrastructure. On the other hand, it 
must be built on an enterprise architecture, 
support very large installations and be capa- 
ble of running on any application stack the 
customer specifies, with little or no change. 

CRM is one of the most critical activities in 
which successful companies engage. CRM is 
first and foremost a business strategy. 
Successive waves of technologies— starting 
with index cards—have emerged to help busi- 
nesses do a better job of managing their 
customer relationships. Most CRM solutions 
available to date have involved expensive, pro- 
prietary software. One of the most exciting 
developments in CRM technology is the emer- 
gence of advanced open source solutions. By 
their very nature, open source applications are 
less expensive to acquire, deploy and support 
than proprietary solutions. When correctly 
designed and implemented, an open source 
system like Centric CRM will provide enter- 
prise-class security, scalability and features at a 
price and in a form accessible to everyone. 


> The Emergence of an Enterprise 
Open Source “Ecosystem” 

Centric CRM is by no means the only open 
source application developer who has 
thought through the issues involved in 
building true enterprise-class open source 
solutions. Without the guiding hand of a 
single organization, there is now available a 
suite of complementary, enterprise-ready 
products that solve a wide range of corpo- 
rate I'T problems. “It may take some getting 
used to, but open source is the way of the 
future for enterprise software,” notes Peter 


Winston, CEO of Project.net. “With the 
product source code, you can customize 
applications to your own specifications, in 
much less time and at a much lower cost of 
financial and human resources.” 

The emergence of a suite of Java-based 
enterprise-class applications is also creating 
tremendous opportunities for VARs and 
Systems Integrators with open source 
expertise. “We can now offer our corporate 
customers cross-departmental open source 
business functionality,” says Ron Bongo, 
CEO of CorraTech, a large open source 
integrator with operations in Europe and 
the US. “By delivering solutions using open 
source code within a Service Oriented 
Architecture (SOA), we can provide deep 
integration that’s maintainable. 


> An Enterprise Open 

Source License 

Despite the lack of a guiding hand, almost all 
serious enterprise open source vendors have 
made substantially similar choices in the 
architecture they have chosen. In particular, 
they have all chosen Java J2EE as the correct 
development platform. They have also made 
substantially similar choices about how they 
license their products. Consensus is building 
around the key elements an enterprise open 
source license must embrace. In particular, the 
following elements are important to an effec- 
tive enterprise license: 


1. The source code must be truly open. 

2. The license must discourage “forking” of 
the code. As long as large enterprises have 
to worry about multiple variants of a 
product emerging, they will not embrace 
open source solutions for mission-critical 
applications. Instead, they need a unitary 
code-base backed by a real vendor 
offering professional service and support. 
An enterprise open source license creates 
this condition by restricting 
redistribution of the source code. Thus, 
while the full source code is truly open (in 
other words, freely available to download 
and inspect), it cannot be resold 
(presumably with modifications) without 
the vendor's permission. 

3. Any modifications that a customer makes 
to the application for their own internal 
use must belong to them. Customers who 
undertake meaningful development to 
create significant competitive advantage 
for themselves cannot be forced to 
involuntarily submit their enhancements 
back into the core product. N 
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most advanced open source CRM system available. 
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Extending the Life of Your Portal 


Liferay, Inc. 


by Alice Cheng 


ith the sun setting on the Novell exteNd Portal plat- 
form (support ending in 2009), enterprise users are 
looking for compelling portal alternatives with long-term viability. 

Liferay Portal is a mature open source portal with a growing commu- 
nity of Novell users and invested compatibility with Novell technologies. 
Using Novell SUSE Linux 10, Apache Geronimo Application Server 1.1 
and Liferay Portal, a full open source stack can be deployed that works 
with your existing technology, whatever it may be. (ser picurr |.) 

In fact, with more than 700 deployment configurations, Liferay is 
the only open source portal compatible with all major application 
servers, databases and operating systems including: 

Application Servers: Apache Geronimo, BEA WebLogic, 

Borland ES, IBM Websphere, JBoss, JOnAS, Oracle AS, 

Pramati, Sun JSAS, and more 
* Servlet Containers: Jetty, Tomcat, Resin 
* Databases: IBM DBz2, Microsoft SQL Server, MySQL, 

Oracle, and more 

Operating Systems: Linux (Novell, Fedora), BSD (FreeBSD, 

NetBSD, OpenBSD), Solaris, Mac OS X and Windows. 


> Keep Your Existing Novell Investment 
Liferay Portal also offers deep integration with your existing Novell 
investment in partnership with TriVir, a team of seasoned Novell alumni: 


* Out-of-the-box integration with eDirectory: PasswordSmith is 
the first eDirectory Universal Password-enabled JSR-168 portlet 
written to leverage password policies and Universal Password from 
eDirectory. With Liferay’s new Plug-In Manager, you can deploy 
PasswordSmith live into an existing running portal environment. 
Native integration with Novell ID Manager: Provides integration 
with Liferay via the Liferay Web services interface including: user 
registration (form-based account creation with optional e-mail 
verification and CAPTCHA verification during registration), 
password recovery and management, and account management 
(updates user information). 

: Liferay running behind Access Manager 3.0: This allows 
Liferay to consume an HTTP Basic Authentication Header. 
Novell Access Manager 3.0 sends a basic auth header to Liferay 
upon user login for an elegant, maintainable single sign-on 
solution. Access Manager 3.0 also comes with a J2EE security 
agent for a number of popular application servers. 

- LDAP Dredging Feature 

* Citrix Application Launch-Item Interface: Stargate is a ]SR-168 
standard portlet that exposes Citrix-published applications for 
launching through Liferay. It delivers a seamless interface 
between users and applications with little or no user 
configuration on the client side. 


vith your existing Novell environment with eDirectory 
and native integration with Novell Identity Manager 


Figure 1 Liferay works 
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For more information, visit liferay.com, e-mail sales@liferay.com, or call 1-626-369-7868. 


Novell exteNd to Liferay Portal: 
One Novell Shop’s Story 
With USS$1.9 billion budgeted for 2007, 
The Colorado Department of Human 
Services (CDHS) is the second largest 
agency in the Colorado State Government 
overseeing all 64 county departments of 
the state’s social/human services system as 
well as third-party service providers. 

“With all our disparate user groups, our 
portal provides secure, easy access to core 
applications no matter where they were,” said 
Stephen Swanson, Chief Technology Officer 
at CDHS. As its experience with Novell 
exteNd has been a positive one, news of its 
eventual phase-out brought up tangible dis- 
appointment. “The news raised concerns 
about the longevity of our portal solution and 
we knew we needed a replacement for exteNd 
that would last.” 

Hence, CDHS looked to open source. 

During three months, CDHS partner, 
Dynamics Research Corporation, ran side by 
side tests of Liferay, Jetspeed, Jahia and 
GridSphere against its existing environment. 
“Liferay clearly performed the best and was the 
most customizable,” said Swanson who also 
cited other key criteria, including: 

easy integration with the existing Novell 

eDirectory and iChain environments 
* support for custom themes, layouts 

and portlets 

a truly open source product with easy to 

read, well-documented code 

the ability to natively support access to 

remote resources 

a motivated support community 


Success with Liferay Portal 
Today, CDHS is rolling its Liferay portal 
solution out to its 7,000+ users of varying 
profiles. It highlights Liferay’s flexible 
design/architecture and ease of development 
and customization, which allowed for expan 
sion upon an impressive list of extensions. In 
particular, CDHS highlights the User 
Provisioning and Login functions: 

User Provisioning portlet: Leverages 


Liferay Portal’s fine-grained permissioning 
system and allows administrators to assign 
access to communities, layouts and portlets 
from a single screen. Information is saved to 
both Liferay and LDAP allowing for easy 
management of 400+ eDirectory groups. 
(SEE FIGURE 2.) 

Custom login module: Imports LDAP 
group information for first-time logins and 
passes that information to the Liferay 
database. Liferay Portal actually improved 
the organization's ability to leverage this 
existing architecture, speeding up the user 
login experience. 

Custom Web service: Integrates with 
Novell Identity Manager 3 to support the 
synchronization of user/group memberships 
between eDirectory and Liferay. 

Integration with Novell iChain: Allows user 
credentials to be passed to Liferay supporting 
single sign-on. When a user logs out of Liferay, 
the users is also logged out of iChain. 

“In the past most of these changes would 
have had to wait for major application revi- 
sions,” said Swanson; “however, with 
Liferay, we were able to make the desired 
changes as needed.” 


Liferay Portal and the Value of 
Open Source 
In development since 2000, Liferay Portal 
has one of the most mature and active com 
munities in the open source portal market 
with more than 80 members, so+ of which 
are active contributors—an impressive 
number compared to most open source 
projects with just a handful of people con 
tributing to the code. 

“This gave us a lot of confidence in the 
product,” said Swanson, “A mature commu 
nity provides us a built-in support 
organization of sorts to which we can turn to 
for help. At the end of the day, it means that 
the product will be sustained so we get 
dependability and longevity.” 

Please visit this article online at novellcom 
connectionmagazine to read more about the 
Liferay Portal features. 


Is your Portal 
over- ed? 


= Out of the box integration 
with eDirectory 


= Native integration with 
Novell ID Manager 


= Compatibility with all 
major application servers, 
databases, and operating 
systems 


= Over 60 pre-bundled 
portlets with full 
collaboration suite 


= Compliance with standards 
(JSR-168, JSR-170, WSRP, 
etc.) 


= Built-in Content 
Management System 


= Zero license fees 


= Full suite of professional 
services 


LIFERAY. 


Enterprise. Open Source. For Life. 


www.liferay.com 


ONS ‘Guardian ‘NetMail. 


oe oe & Compliance Extreme Email Firewall (Extreme Email Engine 


Trusted by Novelle and millions of users worldwide 


“M+Archive iiteratty paid for, liste the minute we 
turned it on. No wonder it’s the leading email 
retention & compliance Solution for eDirectory.” 


_ “M+Guardian’s cross-platform email, server support 
and tight integration with eDirectory allowed us 
to achieve comprehensive, palicy-driven email 
gE. arenes in Nike than 15 minutes.” 


Call Messaging Architects at 1-866-497-0101 or visit 
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